Q1

A financial services company is deploying FortiAuthenticator as a SAML IdP to provide SSO access to several third-party SaaS applications. The security policy requires that user access roles within the SaaS applications be determined by their Active Directory group membership. During testing, all users are being granted a default, low-privilege role regardless of their AD group. What is the most likely cause of this issue?

Q2

A university is implementing 802.1X for its campus-wide wireless network using FortiAuthenticator. They need to support three main device types: corporate-issued laptops (which can be issued client certificates), student-owned devices (BYOD), and legacy lab equipment that does not support 802.1X. Which combination of authentication methods on FortiAuthenticator would securely address all three use cases?

Q3 (Multiple answers)

An organization is using FortiAuthenticator as a local Certificate Authority (CA). They need to automate the provisioning of user certificates to a large number of non-domain-joined Windows workstations. The security team wants to ensure that certificate requests are automatically approved only for authenticated users without manual intervention. Which two components are essential to achieve this? (Select TWO)

Q4

True or False: When FortiAuthenticator is configured in a high availability (HA) active-passive cluster, the configuration is automatically synchronized from the primary to the secondary unit, but runtime data such as RADIUS accounting records and user session information are not synchronized in real time.

Q5

A network administrator is troubleshooting an FSSO deployment where FortiAuthenticator is used to gather logon events. Users are authenticating to a Windows AD domain, but their logon events are not appearing on the FortiGate, causing identity-based policies to fail. The FortiAuthenticator is in a different subnet from the domain controllers. Which troubleshooting step should be performed first to diagnose the issue?

Q6

A company is using FortiAuthenticator to provide RADIUS authentication for VPN users. The security team wants to enforce a policy where users connecting from the corporate office network bypass two-factor authentication (2FA), but users connecting from any other network must provide a FortiToken code. How can this be configured within a single RADIUS policy?

Q7

An administrator revokes a user's certificate that was issued by the FortiAuthenticator's local CA. However, the user is still able to authenticate to the network using EAP-TLS. What is the most likely reason for this failure in security enforcement?

Q8

A hospital is setting up a guest wireless network. They require a self-registration process where guests can create their own temporary accounts, but each account must be approved by a receptionist before network access is granted. Which FortiAuthenticator feature should be used to meet this requirement?

Q9

An administrator is configuring RADIUS Single Sign-On (RSSO) on FortiAuthenticator. The goal is to create FSSO logon events based on RADIUS authentication from a third-party wireless controller. Which RADIUS message type is essential for FortiAuthenticator to receive to successfully create and terminate user sessions for RSSO?

Q10

A retail company is deploying a new wireless network and wants to use FortiAuthenticator for authentication. They have two main requirements:

1. Corporate employees must authenticate using their Active Directory credentials.
2. In-store customers should connect to a separate guest SSID and authenticate using their social media accounts (Facebook or Google).

How should the administrator configure realms on FortiAuthenticator to support this?