SMS Token Based Captive Portal Authentication with FortiAuthenticator

FortiAuthenticator (FAC) is an Identity and Access Management system and is very efficient when it comes to client access control management. In this blog post you will see how you can use the captive portal function on FAC for SMS-based token authentication. We integrate the FAC with a FortiGate firewall acting as the NAS.

Token authentication can also be done using a hardware token (Forti Hardware Token) or a soft token (Fortinet Token Mobile). In this case we use an SMS gateway to deliver the token to users over SMS. I believe this could be effective for wireless guest user authentication with a token code.

 

Step 1: Create the wireless interface/SSID and set the captive portal redirection URL to the external portal landing page on the FortiAuthenticator.


 

Step 2: Configure a RADIUS server on the FortiGate firewall for back-end authentication with FortiAuthenticator.


 

Step 3: On the FortiGate firewall, make sure HTTP or HTTPS and DNS are allowed for the guest users' traffic so that it is successfully redirected to the captive portal page.


 

Step 4: On the FortiAuthenticator, configure the social login page with the guest account settings.

4.1 Enable the social login page first.

4.2 Select the user group in which all users coming through this portal will be placed.

4.3 Set the account expiration (in hours) for your users.

4.4 If you have multiple SMS gateway services, choose the one you would like to use. In this example, I have used the FortiGuard Messaging Service (a license must be purchased).

Note: If you would like to offer other social login options on the same page, you can enable FACEBOOK LOGIN, GOOGLE LOGIN, etc. However, you may need to configure the respective login key and secret settings for them to work.


 

Step 5: Set up your RADIUS client settings; in this case the client is your FortiGate firewall. You must use the same shared secret key that you configured on the FortiGate firewall in Step 2.

5.1 Enable the social login portal under the RADIUS client settings.


 

Step 6: After a successful user authentication, you will see the user information captured as a social login user.

Step 7: On the FortiGate, you will see a user event for the successful user login with the token.

Step 8: On the FAC side, you can see the corresponding user events under Logging > Log Access.


 

Hope this blog post is helpful in setting up your FAC for SMS-based token authentication.
