Fortinet FortiToken Reviews

We're aiming to provide every user with mobile token-based two-factor authentication (2FA) to enhance security.

It's for internal security.

It aligns well with your overall identity and access management (IAM) strategy.

We already have IAM policies in place, and this tool strengthens them by implementing 2FA.

The token-based authentication is good and modern aspect.

The management configuration seems a bit complex and could benefit from user guides or better support resources. It could be improved in terms of user-friendliness. 

Not like the other FortiGate products. Maybe not many people have a real community for this. The lack of community support is a major concern. 

Context-sensitive online support instead of just a general user manual would be very helpful. Currently, clicking "help" on any topic simply directs you to the entire manual.

We're currently in the middle of installing it.

As it's a virtual machine (VM), we haven't encountered any stability issues so far.

The support itself is good, but it mainly comes through email responses, which can be slow.

Email support is good, but we would appreciate faster response times.

We had internal authentication systems but not a product-based system from a security company.

Most of our previous authentication systems were internal. This is the first one that integrates with network and server equipment, and it can even be implemented for SSL. It's the first security system software we've used.

We chose Fortinet FortiToken because it integrates well with our existing Fortinet FortiGate firewall UTM appliance. Since the token is a VM, it doesn't require additional hardware, which would have been an unnecessary expense. In terms of manageability and integration, it seemed like a good fit alongside FortiGate and FortiMail, all from the same Fortinet ecosystem.

It is not very easy to set up and configure 2FA with different needs.

Configuration can be confusing due to the lack of community and context-sensitive help. We've had to rely on technical support, which slows down the setup process.

Token's validity is either renewal or perpetual, which determines its return on investment (ROI), which is higher over time. It's not a subscription-based model.

From an Indian perspective, it's definitely costlier. Converted to dollars, it might seem smaller internationally. But commercially in India, it is expensive.

Overall, I would rate the solution a six out of ten because some improvements are required feature-wise. For example, before FortiToken disappears from the mobile phone, it should display our logo, not the FortiToken logo. App customization is needed so users know when FortiToken is implemented. My organization, for instance, would prefer our logo for assurance instead of the FortiToken logo.

We're using a third-party tool for second-level authentication. So, basically, we integrated our Office 365 to Active Directory for additional service, and our users need to provide the SSH people to log in. So we wanted to use that ticket, which is not scalable. So that's why it should be what we basically use FortiToken for now is to ensure that administrators who log into the box have to provide additional proof at the DCB app.

I love the push-button authentication on FortiToken Mobile. It's also great that the soft token automatically reloads the OTP at intervals, so I always have a fresh code to enter. 

I also appreciate that you need to specify the token to gain access to the box, even from the command line. So I love it also because of the fact that people can no longer log in to my box without knowing who the users are. At least, anytime we log in to the admin, which has the tool enabled on my account. So it helps me to basically keep track of who and who are trying to access my box.

I would like to see if FortiToken can integrate with Office 365 mail to support the same two-factor authentication experience that I have with ESET. With ESET, when a user logs in, they are easily directed to the ESET authentication page, where they are prompted to enter their OTP after supplying their username and password. I understand from support that FortiToken cannot do this with email integration. That's why I opted for ESET. 

In future releases,  it would be great to see Fortinet add this support in the future.

I have been using this solution for quite some while. We use the mobile version. 

It is a stable product. 

We easily move from the prem to the cloud and vice versa. So, it is a scalable solution. We have around three end users using this solution. 

The setup is straightforward. I had a problem setting up FortiToken on ESET for Active Directory users because most of my users are integrated into Active Directory. There was a problem setting up FortiToken on the accounts that are not locally stored on the FortiGate, but I was able to fix the issue with the help of support. Overall, I'm happy with the setup process.

The deployment was straightforward. If you're using Fortinet cloud or FortiToken phone mobile, once you enable that on the account, it sends you a link to download the application for the clients of FortiToken. It's something that can be done in less than a minute really.

I only had to use support when I couldn't get my users on the ED to install and set up a two-step authentication (2SA) on the account. That's because the way it was set up was it was looking for a particular filter, which was not on the ETA back on. The support was able to identify the feature to use, and I was able to resolve that. Otherwise, it's something you can do within thirty minutes or less than that.

Two admins are enough for the maintenance of the solution.

For the two licenses, I have a return on investment.

We have not added in for the commercial. What I used for my test was the two licenses that come with the FortiGate. At the point where I wanted to ask for commercial support, it didn't support what I needed it for. So that's why I didn't confirm my price with anything because I didn't need that at that point.

I only have the two free licenses, except maybe when I increase the number of local users I have that need to be able to use VPN and all that, then I would have to pay for those licenses. But for now, because the third-party tool I have supports both my VPN and my email, so I really don't need to use FortiToken now.

Overall, I would rate the solution a nine out of ten. For someone who just needs basic availability for users, I would recommend what they could use for that.

On-premises

We use the solution for two-factor authentication. If anybody we have set up on FortiAuthenticator needs two-factor authentication to log in, we use FortiToken.

Fortinet FortiToken’s licenses are perpetual. We do not have to pay monthly for multi-factor authentications like Duo or Okta. We can buy them once we pay for the license, and it's good for however long Fortinet wants to allow it to be good for. We can really save a lot of money buying a perpetual license versus paying monthly for a service like that. The solution is pretty solid. I never had to contact the technical support team.

We can only use the tool with the FortiToken Mobile app. If we could use it with other authenticator apps, it would definitely be an improvement.

I have been using the solution for about four years.

I rate the product’s stability a nine out of ten.

The tool is very scalable. We can just buy more tokens. It is very easy to scale. I rate the scalability a nine out of ten.

The initial deployment was straightforward.

I see an ROI on the product.

The solution’s price is good. I really like the price.

If someone doesn’t already have a method in place for two-factor authentication and if they use other Fortinet products, I would recommend the product to them. Overall, I rate the tool a nine out of ten.

Hybrid Cloud

I have used the solution for VPN access.

I like that the solution integrates with FortiAuthenticator well enough.

They're just the token. So, they perform like any other token. It's a very simple thing, and it just works like any other token. There's nothing that stands out. It's just another token.

It could be integrated better if you could have your FortiToken, and the license would allow you to work across multiple FortiGate solutions. So, that'd be an improvement.

I have been using Fortinet FortiToken for six or seven years. I have a lot of customers for the solution. I have no idea what version I'm using. I just have it on my phone, and I suppose it just updates automatically with other applications that update on my phone.

I haven't had any breaks, even when I use FortiToken application on Android or iPhones

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a ten out of ten.

We have customers that have 2,500 people using the solution. Also, the company that we serve has around 1,000 users.

The initial setup was straightforward.

For deployment, load the CSV of all the tokens, and then with the license, we just deploy as required for users using Fortinet's indicators, usually.

The time taken for deployment depends on how long it takes to deploy the FortiAuthenticator. We usually deploy them together. With FortiAuthenticator, or the FortinetToken or add-ons, you're looking at maybe a couple of hours to edit.

The customers need to pay for licenses. On a scale of one to ten, where one is the cheapest, and ten is the highest, I rate the pricing an eight.

It's not as expensive as some other tools, and also it's cheaper than some solutions. The fact it integrates means there are not a lot of other costs. If you're a user of FortiGate or FortiAuthenticator, it's a good price.

To make it really work, you need FortiAuthenticator, so that's an additional cost. So it is your additional cost. Relative to other solutions, it is too cheap. We won't make any money if we make it cheaper.

If you have FortiGate, I would recommend using FortiToken. But if you have Office 365 and you have the MFA, then I'd suggest you use that.

Overall, I rate the solution a nine out of ten.

On-premises

The primary use cases of Fortinet FortiToken for my customers typically involve adding multi-factor authentication (MFA) for remote access. This is often required for remote workers or external providers. For instance, in industrial environments where external companies provide services, this solution helps manage secure access. Another common use case includes providing an external captive portal and self-registration.

The most valuable feature of the solution is its mobile application. It is particularly beneficial as it eliminates the need for hardware management. Users do not have to worry about managing or replacing physical tokens, which can be advantageous if the token is lost or damaged.

I would like to see the product improvements in dynamic VLAN pooling. Specifically, when users are assigned different VLANs based on their SSID, ensuring no unintended lateral traffic between users would enhance security and efficiency.

Sometimes, SMS messages do not reach recipients correctly due to country-specific limits on SMS character length. 

I rate the stability a seven. 

The platform easily scales from a few users to thousands by adjusting the licensing and configuration. I rate the scalability an eight. 

The support team is generally responsive and helpful, but resolution times can vary.

The initial setup requires understanding the platform's approach, licensing, and the correct version selection based on the customer's context.

The deployment time depends on the functionality required by the customer. I would rate the process as a seven.

Although the platform is relatively expensive, it offers significant value. I rate the pricing a nine out of ten. 

The critical feature for ensuring secure access is the solution's comprehensive functionality, which secures the user identity of those attempting to connect. The integration of all features collectively ensures high security.

The integration process is relatively straightforward, which is beneficial when deploying the platform. It is often integrated with third-party tools. For example, it can be combined with a management system that handles tokens and supports external keys such as YubiKey for additional multi-factor authentication.

I rate it an eight out of ten. 

The name of the authenticator is from the user's site. It's sufficient for that to provide you with a number when you need to access a protected resource, which is the site. This is two-factor authentication. You have two layers of authentication. The first layer is provided by the name and password, and the second layer is provided by the authenticator. 

So you have to be attentive to that when the app prompts you, or at least the app prompts you, which advises you about the directive that someone is attempting to access this technology. And you can confirm by saying yes. It's directly linked to the internal access attempt to the site.

I appreciate that it provides comprehensive security. It is tailored to this specific purpose, and it excels in fulfilling this purpose.

On the Fortinet side, it is already well integrated with Android devices, simple devices, and PCs.

Maybe the price could be improved, and the integration could be better. But the integration is different from the authenticator side.

I have been using this solution for more than three years. We use the latest version as it updates automatically. 

I would rate the stability a ten out of ten. I haven't encountered any issues with this solution's stability

It is very scalable. It can manage thousands of users. We plan to expand our customer base.

We have around 250 users. We all rely on it for our authentication needs. It's in active operation.

We used Fortinet FortiAuthenticator. 

From the customer's perspective, the setup is flexible. You have the liberty to configure it according to your preferences. It took minutes to set up. 

We can do it in-house. Simply load the installation and compute user, and then you can use it.

The technical personnel involved in deployment and maintenance are developers.

The ROI is quite high because the consistent part of it originates from any directive of credentials or end-user passwords. It's a solution that significantly improves the authentication phase. This makes it less likely that a malicious actor would be able to gain unauthorized access to the network and launch the attack.

FortiToken hardware itself does not require a license. However, the FortiAuthenticator software does require a license. The cost of the license depends on the number of users. We pay it on a yearly basis. But you can also find agreements with other options.

There are no additional costs. It is not too expensive.

Overall, I would rate the solution an eight out of ten. I would definitely recommend using the solution. There are not many functionalities. However, it is a great solution for multifactor authentication.

We are using Fortinet FortiToken for token-based mobile applications.

The solution comes with two firewalls as a bundle. In that bundle, most of the individual users can be assigned to mobile users. However, in cases of technical difficulties, users may accidentally remove the mobile application. In normal scenarios, we get back to the activation key and assign it again.

In one instance, we had to call back Fortinet service providers to reactivate the token and access the system. If they could provide a managed portal for the token, then reassigning tokens can be easy.

I would also like to see some mobile-level application update. It would be easy for our team if we can have all the features in one place.

I have been using the solution since 2019. We implemented the demo piece for the PED staff and internal staff team. We deployed the solution as a case of factorization since there was a high-risk claim. We needed the solution for our critical business cases.

I would give eight out of ten for the stability of the solution.

I would rate the scalability of the solution an eight out of ten. There are about 150 users for the mobile token application in our company.

I would rate the tech support a seven out of ten. I have contacted support only once since 2019– for an activation error message. They resolved the issue within two days.

Neutral

I have been using Google Authenticator and Microsoft Authenticator. I am happy with FortiToken because it makes it very easy to install and manage tokens.

The setup of Fortinet FortiToken was very easy because the license of the solution was assigned by the vendor. Once initiated, we were able to access the tokens and assign them to the required users.

I would rate the pricing as an eight out of ten. We purchased the solution at a reasonable price in 2019.

I would rate the overall solution an eight out of ten. The solution is a smart product that anyone can easily access and manage. The solution is a good product for multi-factor authentication and to secure remote authentication in the corporate environment.

Hybrid Cloud

The platform's main use case is to facilitate authentication when connecting outside of the organization, particularly when using Fortinet VPN. It ensures secure access to our network resources, especially when working remotely.

The primary benefit of using FortiToken is its cost-effectiveness. It provides a reliable authentication solution without requiring significant financial investment.

One of the product's most valuable features is its ease of use. The soft token offering simplifies the authentication process, making it convenient for users. Additionally, its straightforward installation and configuration contribute to its value.

They could enhance synchronization with mobile applications, and addressing minor issues with authentication could further improve user experience.

I've been using FortiToken for about three years now.

I rate the product stability an eight out of ten. While it's generally reliable, there have been occasional instances where multiple authentication attempts were required.

Approximately 200 users are currently using FortiToken within our organization. It is scalable, and additional licenses can be easily acquired to accommodate more users as our organization grows.

The initial setup was straightforward. Onboarding and initial testing typically take about a day before the system is fully operational within our organization.

The platform's licensing cost is reasonable for our organization. We opted for a yearly subscription, which aligns well with our budgetary requirements.

FortiToken is integrated with our FortiFirewall and FortiWeb systems. This integration enhances security, especially when employees access organizational resources remotely, such as working from home.

I advise others to consider using the product to explore its token offering for simplified authentication.

I rate it a ten overall. It meets our authentication needs effectively and is a valuable asset to our organization's security infrastructure.