Realms in FortiAuthenticator allow mapping of authentication requests to different back-end databases within a single RADIUS policy, enabling user authentication across multiple directories or identity sources.

The recommended method to migrate a large local user database to a new FortiAuthenticator is to export the users from the current device into a CSV file and then import that CSV file into the new FortiAuthenticator.

Enabling Adaptive Authentication in the portal policy allows FortiAuthenticator to apply contextual rules, such as bypassing two-factor authentication when users connect from specific secured networks.

FortiAuthenticator functions as an identity management device, handling user authentication and authorization.

It provides portal services for user self-registration, guest management, and authentication portals.

It acts as a certificate authority, issuing and managing digital certificates for secure authentication.

In SP-initiated SSO, the principal (user) first attempts to access the service provider. The service provider redirects the principal to the identity provider for authentication, and upon successful authentication, the identity provider redirects the principal back to the service provider with the SAML assertion.

The FortiClient SSO Mobility Agent runs on the endpoint and communicates login and logoff events directly to FortiAuthenticator, allowing transparent detection of logged-off users without relying on external mechanisms like WMI polling.