What is our primary use case?
We use this solution for two-factor authentication of most of our services. It includes VPN but also many other services that we have on our internet servers. We use the on-premise version because we also want it integrated into our in-house applications. We are customers of Fortinet and I'm a systems administrator.
How has it helped my organization?
Security is such a big issue these days, a password alone is no longer enough for securing identity. In that sense, providing a second layer of authentication for users gives the company some level of comfort.
What is most valuable?
I think the ease of deployment is a valuable feature. I like that the interface is intuitive and that natively and easily, it integrates with radios, ILDAP, fan mail, and with any applications supporting those protocols
What needs improvement?
I'd say that the integration with some other enterprise applications could be improved. For instance, ADFS. FortiAuthenticator does not work natively with ADFS and the company is not looking in that direction. It's one of our in-house applications and it was a challenge integrating with FortiAuthenticator. We had to write a separate, customized adapter for ADFS before we could make it work. We tried to get Fortinet to work on it but I don't think their development team is interested. It's not in their plan. The other challenge was when I integrated with I think VMware - there was an issue between the radio adapter and FortiAuthenticator. Both parties were not ready to work together and the implementation was buggy.
I believe this solution can be adapted to so many things, depending on the technical side and the implementation engineers. I'd like to see some additional use cases that can be infused into the solution, such as ADFS.
For how long have I used the solution?
I've been using this solution for two years.
What do I think about the stability of the solution?
I haven't had any issues with stability.
What do I think about the scalability of the solution?
It's a very scalable solution. They now have the option of deployment as a VM, and then they have the hardware. I believe we use the 1000D for the hardware - it's able to support up to 10,000 users. You license the appliance based on the number of users and if you need to add more, you buy additional licenses. Almost everybody in the company uses it and I'd say we've had a total of around 4,000 users.
How are customer service and technical support?
The technical support is mid-range It's not your wow kind of support but they do have levels of support. The support is in connectivity with their clients and it has to be renewed every year. You might do better if you go through their partners or something similar. They're not really there when it comes to support.
Which solution did I use previously and why did I switch?
We used RSA SecurID before Fortinet. We switched because of the high costs associated with RSA. I believe that with RSA you need to pay a token license every three years but with Fortinet, once you buy it, you own it. Even if a token is lost, you can always reposition the token and that will not come at any extra cost. It's cost-effective for us. We also have several channels we can use for authentication with FortiAuthenticator. With RSA, users are stuck with either carrying the dongle, the hardware token, or maybe having the mobile application token on their phone. With Fortinet you can decide whether to use a hardware token, soft token, email token, push notification, or SMS. It gives us flexibility and comfort.
How was the initial setup?
Initial setup was pretty straightforward. We were up and running within three days. I carried out the deployment.
What's my experience with pricing, setup cost, and licensing?
The license is a one-off payment.
What other advice do I have?
Every environment is obviously different so each user needs to know what they are looking for, and make a decision based on that. This is a cost effective and flexible solution. If a company is looking to use it on their server, it's important to look at the integration channels and your environment, the support. It's important to know that the channels are supported.
I would rate this solution a seven out of 10.
Which deployment model are you using for this solution?