I have used the solution for VPN access.
Technical Consultant at Spark New Zealand
A reasonably priced solution with a straightforward setup offering stability and scalability to its users
Pros and Cons
- "Stability-wise, I rate the solution a ten out of ten."
- "It could be integrated better if you could have your FortiToken, and the license would allow you to work across multiple FortiGate solutions."
What is our primary use case?
How has it helped my organization?
What is most valuable?
I like that the solution integrates with FortiAuthenticator well enough.
They're just the token. So, they perform like any other token. It's a very simple thing, and it just works like any other token. There's nothing that stands out. It's just another token.
What needs improvement?
It could be integrated better if you could have your FortiToken, and the license would allow you to work across multiple FortiGate solutions. So, that'd be an improvement.
Buyer's Guide
Fortinet FortiToken
November 2024
Learn what your peers think about Fortinet FortiToken. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Fortinet FortiToken for six or seven years. I have a lot of customers for the solution. I have no idea what version I'm using. I just have it on my phone, and I suppose it just updates automatically with other applications that update on my phone.
What do I think about the stability of the solution?
I haven't had any breaks, even when I use FortiToken application on Android or iPhones
Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a ten out of ten.
We have customers that have 2,500 people using the solution. Also, the company that we serve has around 1,000 users.
How was the initial setup?
The initial setup was straightforward.
For deployment, load the CSV of all the tokens, and then with the license, we just deploy as required for users using Fortinet's indicators, usually.
The time taken for deployment depends on how long it takes to deploy the FortiAuthenticator. We usually deploy them together. With FortiAuthenticator, or the FortinetToken or add-ons, you're looking at maybe a couple of hours to edit.
What's my experience with pricing, setup cost, and licensing?
The customers need to pay for licenses. On a scale of one to ten, where one is the cheapest, and ten is the highest, I rate the pricing an eight.
It's not as expensive as some other tools, and also it's cheaper than some solutions. The fact it integrates means there are not a lot of other costs. If you're a user of FortiGate or FortiAuthenticator, it's a good price.
To make it really work, you need FortiAuthenticator, so that's an additional cost. So it is your additional cost. Relative to other solutions, it is too cheap. We won't make any money if we make it cheaper.
What other advice do I have?
If you have FortiGate, I would recommend using FortiToken. But if you have Office 365 and you have the MFA, then I'd suggest you use that.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Manager at Yarix S.r.l.
Provides a strong layer of security through multifactor authentication and seamlessly integrates with various platforms
Pros and Cons
- "I appreciate that it provides comprehensive security. It is tailored to this specific purpose, and it excels in fulfilling this purpose."
- "Maybe the price could be improved, and the integration could be better. But the integration is different from the authenticator side."
What is our primary use case?
The name of the authenticator is from the user's site. It's sufficient for that to provide you with a number when you need to access a protected resource, which is the site. This is two-factor authentication. You have two layers of authentication. The first layer is provided by the name and password, and the second layer is provided by the authenticator.
So you have to be attentive to that when the app prompts you, or at least the app prompts you, which advises you about the directive that someone is attempting to access this technology. And you can confirm by saying yes. It's directly linked to the internal access attempt to the site.
What is most valuable?
I appreciate that it provides comprehensive security. It is tailored to this specific purpose, and it excels in fulfilling this purpose.
On the Fortinet side, it is already well integrated with Android devices, simple devices, and PCs.
What needs improvement?
Maybe the price could be improved, and the integration could be better. But the integration is different from the authenticator side.
For how long have I used the solution?
I have been using this solution for more than three years. We use the latest version as it updates automatically.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten. I haven't encountered any issues with this solution's stability
What do I think about the scalability of the solution?
It is very scalable. It can manage thousands of users. We plan to expand our customer base.
We have around 250 users. We all rely on it for our authentication needs. It's in active operation.
Which solution did I use previously and why did I switch?
We used Fortinet FortiAuthenticator.
How was the initial setup?
From the customer's perspective, the setup is flexible. You have the liberty to configure it according to your preferences. It took minutes to set up.
What about the implementation team?
We can do it in-house. Simply load the installation and compute user, and then you can use it.
The technical personnel involved in deployment and maintenance are developers.
What was our ROI?
The ROI is quite high because the consistent part of it originates from any directive of credentials or end-user passwords. It's a solution that significantly improves the authentication phase. This makes it less likely that a malicious actor would be able to gain unauthorized access to the network and launch the attack.
What's my experience with pricing, setup cost, and licensing?
FortiToken hardware itself does not require a license. However, the FortiAuthenticator software does require a license. The cost of the license depends on the number of users. We pay it on a yearly basis. But you can also find agreements with other options.
There are no additional costs. It is not too expensive.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. I would definitely recommend using the solution. There are not many functionalities. However, it is a great solution for multifactor authentication.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Fortinet FortiToken
November 2024
Learn what your peers think about Fortinet FortiToken. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Assistant Manager - Information Security & Infrastructure at lankatiles
Very efficient product for multi-factor authentication in corporate environment
Pros and Cons
- "I would rate the overall solution an eight out of ten. The solution is a smart product that anyone can easily access and manage. The solution is a good product for multi-factor authentication and to secure remote authentication in the corporate environment."
- "The solution comes with two firewalls as a bundle. In that bundle, most of the individual users can be assigned to mobile users. However, in cases of technical difficulties, users may accidentally remove the mobile application. In normal scenarios, we get back to the activation key and assign it again."
What is our primary use case?
We are using Fortinet FortiToken for token-based mobile applications.
What needs improvement?
The solution comes with two firewalls as a bundle. In that bundle, most of the individual users can be assigned to mobile users. However, in cases of technical difficulties, users may accidentally remove the mobile application. In normal scenarios, we get back to the activation key and assign it again.
In one instance, we had to call back Fortinet service providers to reactivate the token and access the system. If they could provide a managed portal for the token, then reassigning tokens can be easy.
I would also like to see some mobile-level application update. It would be easy for our team if we can have all the features in one place.
For how long have I used the solution?
I have been using the solution since 2019. We implemented the demo piece for the PED staff and internal staff team. We deployed the solution as a case of factorization since there was a high-risk claim. We needed the solution for our critical business cases.
What do I think about the stability of the solution?
I would give eight out of ten for the stability of the solution.
What do I think about the scalability of the solution?
I would rate the scalability of the solution an eight out of ten. There are about 150 users for the mobile token application in our company.
How are customer service and support?
I would rate the tech support a seven out of ten. I have contacted support only once since 2019– for an activation error message. They resolved the issue within two days.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have been using Google Authenticator and Microsoft Authenticator. I am happy with FortiToken because it makes it very easy to install and manage tokens.
How was the initial setup?
The setup of Fortinet FortiToken was very easy because the license of the solution was assigned by the vendor. Once initiated, we were able to access the tokens and assign them to the required users.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing as an eight out of ten. We purchased the solution at a reasonable price in 2019.
What other advice do I have?
I would rate the overall solution an eight out of ten. The solution is a smart product that anyone can easily access and manage. The solution is a good product for multi-factor authentication and to secure remote authentication in the corporate environment.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VP Sales & Research at 2BSecure@MATRIX
Provides a reliable authentication process and a straightforward setup process
Pros and Cons
- "One of the product's most valuable features is its ease of use."
- "They could enhance synchronization with mobile applications, and addressing minor issues with authentication could further improve user experience."
What is our primary use case?
The platform's main use case is to facilitate authentication when connecting outside of the organization, particularly when using Fortinet VPN. It ensures secure access to our network resources, especially when working remotely.
How has it helped my organization?
The primary benefit of using FortiToken is its cost-effectiveness. It provides a reliable authentication solution without requiring significant financial investment.
What is most valuable?
One of the product's most valuable features is its ease of use. The soft token offering simplifies the authentication process, making it convenient for users. Additionally, its straightforward installation and configuration contribute to its value.
What needs improvement?
They could enhance synchronization with mobile applications, and addressing minor issues with authentication could further improve user experience.
For how long have I used the solution?
I've been using FortiToken for about three years now.
What do I think about the stability of the solution?
I rate the product stability an eight out of ten. While it's generally reliable, there have been occasional instances where multiple authentication attempts were required.
What do I think about the scalability of the solution?
Approximately 200 users are currently using FortiToken within our organization. It is scalable, and additional licenses can be easily acquired to accommodate more users as our organization grows.
How was the initial setup?
The initial setup was straightforward. Onboarding and initial testing typically take about a day before the system is fully operational within our organization.
What's my experience with pricing, setup cost, and licensing?
The platform's licensing cost is reasonable for our organization. We opted for a yearly subscription, which aligns well with our budgetary requirements.
What other advice do I have?
FortiToken is integrated with our FortiFirewall and FortiWeb systems. This integration enhances security, especially when employees access organizational resources remotely, such as working from home.
I advise others to consider using the product to explore its token offering for simplified authentication.
I rate it a ten overall. It meets our authentication needs effectively and is a valuable asset to our organization's security infrastructure.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 29, 2024
Flag as inappropriateTech Leader at Axians
Has a straightforward integration process and valuable mobile application functionality
Pros and Cons
- "The most valuable feature of the solution is its mobile application. It is particularly beneficial as it eliminates the need for hardware management."
- "I would like to see the product improvements in dynamic VLAN pooling. Specifically, when users are assigned different VLANs based on their SSID, ensuring no unintended lateral traffic between users would enhance security and efficiency."
What is our primary use case?
The primary use cases of Fortinet FortiToken for my customers typically involve adding multi-factor authentication (MFA) for remote access. This is often required for remote workers or external providers. For instance, in industrial environments where external companies provide services, this solution helps manage secure access. Another common use case includes providing an external captive portal and self-registration.
What is most valuable?
The most valuable feature of the solution is its mobile application. It is particularly beneficial as it eliminates the need for hardware management. Users do not have to worry about managing or replacing physical tokens, which can be advantageous if the token is lost or damaged.
What needs improvement?
I would like to see the product improvements in dynamic VLAN pooling. Specifically, when users are assigned different VLANs based on their SSID, ensuring no unintended lateral traffic between users would enhance security and efficiency.
What do I think about the stability of the solution?
Sometimes, SMS messages do not reach recipients correctly due to country-specific limits on SMS character length.
I rate the stability a seven.
What do I think about the scalability of the solution?
The platform easily scales from a few users to thousands by adjusting the licensing and configuration. I rate the scalability an eight.
How are customer service and support?
The support team is generally responsive and helpful, but resolution times can vary.
How was the initial setup?
The initial setup requires understanding the platform's approach, licensing, and the correct version selection based on the customer's context.
The deployment time depends on the functionality required by the customer. I would rate the process as a seven.What's my experience with pricing, setup cost, and licensing?
Although the platform is relatively expensive, it offers significant value. I rate the pricing a nine out of ten.
What other advice do I have?
The critical feature for ensuring secure access is the solution's comprehensive functionality, which secures the user identity of those attempting to connect. The integration of all features collectively ensures high security.
The integration process is relatively straightforward, which is beneficial when deploying the platform. It is often integrated with third-party tools. For example, it can be combined with a management system that handles tokens and supports external keys such as YubiKey for additional multi-factor authentication.
I rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: integrator
Last updated: Aug 25, 2024
Flag as inappropriateNetwork Support at a pharma/biotech company with 1,001-5,000 employees
Provides zero-trust network with many components and easy setup
Pros and Cons
- "Fortinet offers a comprehensive solution for network security, particularly with its very effective zero-trust network access approach."
What is most valuable?
Fortinet offers a comprehensive solution for network security, particularly with its very effective zero-trust network access approach.
The solution has many components, each with its own benefits and advantages. FortiToken is straightforward to use.
For how long have I used the solution?
I have been using Fortinet FortiToken for six months.
What do I think about the scalability of the solution?
More than 400 stores in Canada are using this solution.
How are customer service and support?
The product itself is very good, and although I have extensive experience with Fortinet, I have not sought much support for it so far.
How would you rate customer service and support?
Positive
How was the initial setup?
It's very simple: install the FortiToken app on your cell phone. When you receive the FortiToken invitation by email, open the email to view the QR code. Use your phone's camera to scan the QR code, automatically importing it into the FortiToken app. Once synchronized with the FortiToken server, you can use the app for future authentication.
It's convenient because you don't need to implement a separate FortiToken server. Traditionally, with systems like RSA, you needed a dedicated server, purchased token licenses, and assigned them individually to users. However, with Fortinet, you can use FortiGate as the FortiToken server itself. Each FortiGate license includes two free FortiTokens. If you need more tokens, you purchase additional licenses. The required tokens are automatically generated after importing the license into the FortiGate. You then assign these tokens to users and send an invitation email. The user receives the email, opens the attachment or QR code, and scans it with the FortiToken app on their phone.
What's my experience with pricing, setup cost, and licensing?
If you don't have many users, the free FortiTokens included with FortiGate should be sufficient. The basic license covers up to twenty-five users. Alternatively, you can use Fortinet's FortiToken Cloud Service instead of FortiGate as the FortiToken server. This way, you don't need to have a FortiGate device.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Sep 2, 2024
Flag as inappropriateSenior IT Engineer at NMA Technologies Services Ltd
The solution is used for double factor authentication, but it's difficult to use for someone who is not knowledgeable
Pros and Cons
- "Fortinet FortiToken is used for double factor authentication."
- "You need your mobile just to enroll the tokens, and sometimes, it's difficult to use for someone who is not knowledgeable"
What is most valuable?
Fortinet FortiToken is used for double factor authentication.
What needs improvement?
You need your mobile just to enroll the tokens, and sometimes, it's difficult to use for someone who is not knowledgeable. Clients don't like the fact that they have to download the application to use Fortinet FortiToken. Having it directly on an SMS is a better option for the clients.
For how long have I used the solution?
I have been working with Fortinet FortiToken for seven to eight months.
What do I think about the stability of the solution?
Fortinet FortiToken is stable, but it's a bit slow.
I rate Fortinet FortiToken seven and a half out of ten for stability.
What do I think about the scalability of the solution?
I rate Fortinet FortiToken seven and a half out of ten for scalability.
How was the initial setup?
Fortinet FortiToken's initial setup is a bit complex. I rate Fortinet FortiToken a seven out of ten for the ease of its initial setup.
What about the implementation team?
Fortinet FortiToken can be deployed in three hours.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiToken is not an expensive solution. One license costs around 50 USD.
What other advice do I have?
Overall, I rate Fortinet FortiToken a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
National Pre-Sales and Architecture Manager at a computer software company with 10,001+ employees
Ease of administration, durable, and is capable of performing solid RADIUS authentications
Pros and Cons
- "I believe FortiToken is the simplest to implement."
- "I would like to see complete OAuth support. Also, if they can support it from a SaaS (Software as a Service) or cloud platform, that would be great."
What is our primary use case?
We use Fortinet FortiToken when a client requires it.
The FortiToken from Fortinet is primarily used for VPN authentication. That is one of the most common use cases. VPN authentication as well as two-factor authentication on VPN. In addition, two-factor authentication is required for administration access to the FortiGates.
In the rare case where the FortiAuthenticator is separate, they use it as a directory for the enterprise. It can also be used for other applications such as Microsoft. External applications and, on occasion, customer applications that use RADIUS.
What is most valuable?
I believe FortiToken is the simplest to implement. However, there is no difference in terms of features other than multi-factor authentication. It's very basic.
Ease of administration, which is not always a feature, but the ease of administration, token importing, and exporting, is why FortiToken has been considered as a multi-factor authentication solution.
What needs improvement?
FortiToken could be made much more flexible. They're doing very well now. I think having two-factor authentication on their firewalls for administration, as well as being able to use them for VPN access for MFA, was a great idea. However, in terms of a broader base of support, I believe their support for SAML, for example, could be greatly improved. OAuth, SAML, and other protocols that are more geared toward cloud-based applications, in my opinion.
I would like to see complete OAuth support. Also, if they can support it from a SaaS (Software as a Service) or cloud platform, that would be great.
For how long have I used the solution?
I have been working with Fortinet FortiToken for four or five years.
There are two kinds of customers. There are clients for whom we only implement and clients for whom we manage. Where we have a managed service with the client, we keep them on the most recent version, which is N-1.
What do I think about the stability of the solution?
Fortinet FortiToken is very durable and stable.
What do I think about the scalability of the solution?
If you don't use the VM solution, it's not very scalable because, from a hardware point of view, you almost have to buy hardware and do a full replacement. From that perspective, I wouldn't say it's scalable. But, again, if you're using your VM you would have to rebuild your VM.
I wouldn't go so far as to say it's not scalable. However, when it comes to the number of users, it is very scalable in terms of being able to cater to a small environment of five users versus 100,000. But, in my opinion, when you have to migrate as your environment grows, it's not very scalable. It is, but it is difficult to import and export through it.
The number of users we have is probably in the region of 20 or 25.
It would be on a daily basis because you have to log on all the time, especially now that you're remote. And MFA is required by the majority of our company or clients.
How are customer service and support?
I work with Fortinet support on a regular basis.
In terms of support, Fortinet is one of the better vendors. However, they face significant challenges when it comes to getting a response. When you log a support call, getting the response you want is always a problem. It's almost as if you're being passed from one engineer to the next, and it's extremely difficult to articulate the problem and get a response.
Which solution did I use previously and why did I switch?
I don't use them myself, we are integrators. A few clients use Fortinet FortiAuthenticator, Fortinet FortiToken, McAfee Total Protection for Data Loss Prevention, Trend Micro Integrated Data Loss Prevention, and GTB Technologies Inspector, but they use FortiToken specifically. I believe I added RSA Authentication Manager, followed by Cisco, Jira.
How was the initial setup?
The initial setup is extremely simple. The FortiAuthenticator and FortiToken are unquestionably the simplest multi-factor authentication solution to implement.
It takes two to three hours to get it up and running. But, the biggest challenge is always the user element, where you have to get users to install the application and communicate with them. That can take you a lot of time depending on the size of your organization and the level of technological sophistication of your end users.
That would require a significant amount of time. But the initial setup, which is to set up the FortiAuthenticator, import the tokens and integrate that with, the FortiGates, is very simple and doesn't take long.
What other advice do I have?
Yes, absolutely, I would recommend this solution, especially for clients performing standard RADIUS authentications, because I believe they're quite solid. I believe where it becomes more difficult is with open authentication protocols such as SAML and OAuth. Fortinet has a long way to go in this area.
I would rate Fortinet FortiToken an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Fortinet FortiToken Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Authentication SystemsPopular Comparisons
Microsoft Entra ID
Cisco Identity Services Engine (ISE)
CyberArk Privileged Access Manager
Workspace ONE UEM
Okta Workforce Identity
Fortinet FortiAuthenticator
Cisco Duo
Yubico YubiKey
RSA SecurID
NetIQ Identity Manager
Thales Authenticators
UserLock
WSO2 Identity Server
RSA Authentication Manager
Buyer's Guide
Download our free Fortinet FortiToken Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Microsoft Authenticator compare with Forinet FortiToken?
- When evaluating Authentication Systems, what aspect do you think is the most important to look for?
- Why is Authentication Systems important for companies?
- Which front-end product for authorization and authentication into an Apache Web Server application, PIXIA, would you recommend?
- What is the difference between SPML and SAML?
- How would you compare Cisco Duo Security with other Authentication Systems products?
- What is CAPTCHA and how does it work? How can you use it for Artificial Intelligence (AI)?
- What are some alternatives for UserLock?