Transcript
In this video, we'll walk through a quick demo showcasing a solution we built from Fortinet within our Identity and Access Management portfolio. In this video, you'll notice that our FortiPAM solution serves various categories of users, either a contractor or an employee. As contractors log in, they are presented with simplified dashboards from a FortiPAM solution designed for quick access on various targets that contractors can access and also can be pre-selected during configuration, while other users, like our employees, can receive a more robust dashboard with added capabilities and users.

On the screen, we have an integration between FortiPAM, our very own privileged access management solution from Fortinet, a FortiAuthenticator working seamlessly with various third-party identity providers such as your Entra ID, Okta, or a local authentication or Active Directory authentication. We also have a seamless integration with FortiIdentity Cloud, which provides the MFA solution. With the MFA solution, we can add an extra layer of security such that when a user logs into an application, a system, a service, he or she is fully protected, reducing the success of phishing attacks as well as lowering the risk of compromised credentials.

This is a key Fortinet solution to pay attention to because it applies to any vertical, whether you're an MSSP or an enterprise of any size, small, medium, or large. With the rising trend of company acquisition and mergers, the complexity of merging multiple identity providers and unifying authentication environments can quickly become a daunting challenge. With FortiPAM, FortiAuthenticator Cloud, and FortiIdentity Cloud, our identity and access management strategy becomes exceptionally strong and unified.

So let's get started with the demo. In this demo, we have a FortiPAM solution along with FortiIdentity Cloud and FortiAuthenticator Cloud to secure both internal and remote access.
Internal users connect directly to FortiPAM, while remote endpoint users leverage ZTNA logging for secure access control. When a user logs into FortiPAM, the system authenticates the identity through FortiAuthenticator Cloud using either RADIUS or SAML, validating the credentials against the remote user database. Once authenticated, FortiIdentity Cloud provides multi-factor authentication through options such as mobile push notification or email verification.

All right, let's provision. On the secrets folder, let's do a quick check on the settings and sharing and enable ZTNA controls. Select the device tag, and in this demo, we disable all any tags. Now that it's all set and ready to go, let's log into the FortiIdentity Cloud portal and configure remote users. In this case, we're using carl.okta.com, and let's check the remote SAML user configuration and the delivery options. We have delivery options as token code, by FortiToken via mobile, and an email as an activation delivery method. Now let's check on jdoe as well, and we are set to go.

All right, let's get started with a PuTTY with SSH session, which is successful, and then let's follow up with the WinSCP launcher, WebSSH, and WebSFTP. As you can see, I was able to access them based on my pre-configured configuration. Let's log out, and this time, let's use carl using single sign-on login. With carl, we're using Okta, and as we log in, the authentication is sent to Okta from our FortiAuthenticator integration. With carl's account, we have remote desktop and web RDP launchers established as customer to Windows Server, as indicated in the earlier part of the video.

Now, let's log in directly through FortiPAM and access other resources. This would be your typical FortiPAM access with predefined launchers with credentials. Now, let's check on our user list that has been initiated in the previous demo.
We have a feature called auto-provision, which automatically creates privileges and access to a secret. We have carl and jdoe that are configured, and so from our recent secret event access and FortiPAM logs, not just the access is recorded, but it also records the actual session that occurred. It records the actual session and what commands and what the actual users did within a target. So here's an uploaded video which provides the date, the source IP, the destination IP, the secret server name, the user, and what type of launcher they used.

For added FortiPAM reporting capabilities, you can download a general report on a daily basis, which provides the user login reports, the system report, secret launcher report, and more. If you want additional information about the secret access report, this can be downloaded and viewed from the reports tab from the management portal.

I hope you found this video helpful as we demonstrated how to integrate a complete IAM solution using FortiPAM for privileged access management, FortiAuthenticator Cloud for primary authentication and identity verification, and FortiIdentity Cloud for MFA enforcement. Thank you for watching.