FortiAuthenticator For Windows Active Directory Self Service

Using FortiAuthenticator To Perform Account Self Service For AD

I was asked a question on the FortiAuthenticator 4.0 Admin Guide about whether or not the FortiAuthenticator was needed in order for a FortiGate to communicate and authenticate with Windows Active Directory. The answer to that question is a resounding “NO”, but it did remind me of a neat trick the FortiAuthenticator does provide when deployed in an LDAP environment. I like to call little things like this configuration the key to #FortiSuccess.

When a FortiAuthenticator is deployed in a Windows Active Directory environment and its service account (the account you created for it to use when authenticating to AD to perform service tasks and lookups) has read and write permissions to update passwords, you can use the FortiAuthenticator self-service portal to let your users perform their own AD password resets.
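The service account only needs password-reset rights on the users the portal serves, not broad domain privileges. The PowerShell below is an added example, not taken from the Fortinet documentation; it delegates those rights on one OU and then checks the result. The OU, domain and account names are constructed placeholders, and the exact set of rights the portal requires is an assumption to confirm against the admin guide.

```powershell
# Added example: scope the FortiAuthenticator service account to password resets
# on a single OU. All names below are constructed placeholders.
$Ou      = 'OU=Staff,DC=example,DC=com'   # OU holding the self-service users (assumed)
$Account = 'EXAMPLE\svc-fortiauth'        # service account used for the LDAP bind (assumed)
$Sam     = 'svc-fortiauth'

# Rights commonly delegated for help-desk style resets (assumption: the portal
# needs no more than these), inherited to user objects below the OU only:
#   CA;Reset Password  - the reset extended right
#   RPWP;pwdLastSet    - set or clear "must change password at next logon"
#   RPWP;lockoutTime   - clear a lockout after the reset
$Rights = @(
    'CA;Reset Password;user',
    'RPWP;pwdLastSet;user',
    'RPWP;lockoutTime;user'
)

foreach ($right in $Rights) {
    dsacls $Ou /I:S /G "${Account}:$right" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dsacls failed while granting '$right' on $Ou"
    }
}

# Check 1: list the ACEs the account now holds on the OU.
dsacls $Ou | Select-String -SimpleMatch $Account

# Check 2: the account should not also sit in a privileged group, which would
# make the OU-scoped delegation meaningless.
Import-Module ActiveDirectory
$Privileged = 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Account Operators'
$Hits = Get-ADPrincipalGroupMembership -Identity $Sam |
    Select-Object -ExpandProperty Name |
    Where-Object { $Privileged -contains $_ }

if ($Hits) {
    Write-Warning "$Sam is a member of: $($Hits -join ', '). Remove it and rely on the delegation."
} else {
    Write-Output "$Sam holds only the delegated reset rights on $Ou."
}
```

Accounts protected by AdminSDHolder do not inherit the OU delegation, so this service account cannot reset administrator passwords. Active Directory only accepts password writes over an encrypted LDAP connection, so the link from the FortiAuthenticator to the domain controller has to use LDAPS or StartTLS.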

We all know, having worked in help desk style environments before, that one of the most frequent trouble tickets a service desk receives is the dreaded password reset from users who have forgotten their credentials.

So buy a FortiAuthenticator, deploy it in your environment, and use it for self-service so that you can reduce your help desk workload and overhead!

I deployed this configuration for a large university, and they were able to greatly reduce the workload and needs of their help desk while at the same time making their users feel empowered.

 

The FortiAuthenticator 4.0 Documentation will tell you everything you need to know to deploy this setup. Specific Password Recovery configurations can be viewed on PAGE 4 of that same documentation.

