Fortinet FortiToken Reviews

I am using it with FortiClient so that I can authenticate.

It provides me with the token so that I can do the Multi-Factor Authentication. I'm not sure if there's anything more to say about that.

I'm not sure if it's already available, however, I wonder if there's an option to have it sent to my email address instead of having it on the mobile app. Currently, I need to carry that single device that is already registered with a token. If I can receive it on email, it would be more flexible. 

I'm using other types of authenticators, and some of them provide a code to access the application. I'm not sure if that's already available, as I am not using it at the moment. If it's not there, it could be a nice feature to have optionally.

I have used the solution for four years, five years, something like that.

I don't know if scalability is applicable. It's only meant to be doing one thing, to be honest. I've already got, what, three or four tokens, four tokens. It's scalable enough for my purpose.

We get support through a partner, and we've had good support so far. However, it wasn't directly with Fortinet staff. 

Positive

The initial setup is simple.

I use Microsoft Authenticator as I can incorporate many functions there. With the FortiToken app, it's only compatible with its own tokens. So, I need to use one more app for what I need to do. Authenticator is for everything else, however, for Fortinet, I use only the FortiToken app.

The product is working fine for me after all these years.

Overall, I give the product a nine out of ten.

We use the solution only with Fortinet products for VPN.

During COVID-19, we needed server access from different places. The solution provides FortiToken Mobile. It makes things easier because we can have access through our mobiles instead of other devices. Thus, the solution made our application process better. Previously, the devices we used ran out of battery, so we had to throw them away. Now, the battery will not be drained as long as we don't use our mobile.

The product provides secure access to our internal server. The encryption is done by FortiToken. That is the reason we access our servers through Fortinet. We use FortiToken to ensure that no unauthorized person can access our servers. It is like two-factor authentication. It makes us more secure. The mobile application makes our authentication experience better. It is easy to integrate the solution with other products. I rate the ease of integration a nine out of ten.

The price must be more competitive. The pricing model must be more flexible. The tool could be a little cheaper.

I have been using the solution for four years.

I rate the tool’s stability a nine out of ten.

I rate the tool’s scalability a nine out of ten. We have about 30 users in our organization.

Sometimes, the support team takes time to understand the problem. However, it is okay. The team solves our issues.

Positive

We can contact the support team if we have any problems with the installation. The tool is easy to learn.

We evaluated another product, but the price and service of the reseller in Indonesia were not good. So, we did not choose it. We chose FortiToken because it was easy to integrate it.

I will recommend the product to others. Overall, I rate the product a nine out of ten.

We're aiming to provide every user with mobile token-based two-factor authentication (2FA) to enhance security.

It's for internal security.

It aligns well with your overall identity and access management (IAM) strategy.

We already have IAM policies in place, and this tool strengthens them by implementing 2FA.

The token-based authentication is good and modern aspect.

The management configuration seems a bit complex and could benefit from user guides or better support resources. It could be improved in terms of user-friendliness. 

Not like the other FortiGate products. Maybe not many people have a real community for this. The lack of community support is a major concern. 

Context-sensitive online support instead of just a general user manual would be very helpful. Currently, clicking "help" on any topic simply directs you to the entire manual.

We're currently in the middle of installing it.

As it's a virtual machine (VM), we haven't encountered any stability issues so far.

The support itself is good, but it mainly comes through email responses, which can be slow.

Email support is good, but we would appreciate faster response times.

We had internal authentication systems but not a product-based system from a security company.

Most of our previous authentication systems were internal. This is the first one that integrates with network and server equipment, and it can even be implemented for SSL. It's the first security system software we've used.

We chose Fortinet FortiToken because it integrates well with our existing Fortinet FortiGate firewall UTM appliance. Since the token is a VM, it doesn't require additional hardware, which would have been an unnecessary expense. In terms of manageability and integration, it seemed like a good fit alongside FortiGate and FortiMail, all from the same Fortinet ecosystem.

It is not very easy to set up and configure 2FA with different needs.

Configuration can be confusing due to the lack of community and context-sensitive help. We've had to rely on technical support, which slows down the setup process.

Token's validity is either renewal or perpetual, which determines its return on investment (ROI), which is higher over time. It's not a subscription-based model.

From an Indian perspective, it's definitely costlier. Converted to dollars, it might seem smaller internationally. But commercially in India, it is expensive.

Overall, I would rate the solution a six out of ten because some improvements are required feature-wise. For example, before FortiToken disappears from the mobile phone, it should display our logo, not the FortiToken logo. App customization is needed so users know when FortiToken is implemented. My organization, for instance, would prefer our logo for assurance instead of the FortiToken logo.

The name of the authenticator is from the user's site. It's sufficient for that to provide you with a number when you need to access a protected resource, which is the site. This is two-factor authentication. You have two layers of authentication. The first layer is provided by the name and password, and the second layer is provided by the authenticator. 

So you have to be attentive to that when the app prompts you, or at least the app prompts you, which advises you about the directive that someone is attempting to access this technology. And you can confirm by saying yes. It's directly linked to the internal access attempt to the site.

I appreciate that it provides comprehensive security. It is tailored to this specific purpose, and it excels in fulfilling this purpose.

On the Fortinet side, it is already well integrated with Android devices, simple devices, and PCs.

Maybe the price could be improved, and the integration could be better. But the integration is different from the authenticator side.

I have been using this solution for more than three years. We use the latest version as it updates automatically. 

I would rate the stability a ten out of ten. I haven't encountered any issues with this solution's stability

It is very scalable. It can manage thousands of users. We plan to expand our customer base.

We have around 250 users. We all rely on it for our authentication needs. It's in active operation.

We used Fortinet FortiAuthenticator. 

From the customer's perspective, the setup is flexible. You have the liberty to configure it according to your preferences. It took minutes to set up. 

We can do it in-house. Simply load the installation and compute user, and then you can use it.

The technical personnel involved in deployment and maintenance are developers.

The ROI is quite high because the consistent part of it originates from any directive of credentials or end-user passwords. It's a solution that significantly improves the authentication phase. This makes it less likely that a malicious actor would be able to gain unauthorized access to the network and launch the attack.

FortiToken hardware itself does not require a license. However, the FortiAuthenticator software does require a license. The cost of the license depends on the number of users. We pay it on a yearly basis. But you can also find agreements with other options.

There are no additional costs. It is not too expensive.

Overall, I would rate the solution an eight out of ten. I would definitely recommend using the solution. There are not many functionalities. However, it is a great solution for multifactor authentication.

We only use FortiToken for authentication purposes, like logging into SSL VPN or plugging into firewalls.

I like how easy it is to configure and assign tokens. It's readily available through our application-based system.

The problem comes when we have to migrate tokens to new phones. There's no backup option or import/export feature, so you have to redo the entire process manually, adding tokens one by one, which is quite tedious.

The migration process is definitely a major area for improvement. Imagine losing your phone and having to set everything up again from scratch and add everything individually.  

In future releases, push notifications would be good! Instead of opening the app and entering the token manually, what if we received an approval or denial prompt directly on the phone as a notification? Just a tap to log in, that would be nice.

I have been using it for three years now. 

I would rate the stability a nine out of ten. It's been very reliable for my customers. 

I would rate the scalability a seven out of ten. The migration issue definitely brings it down a bit.

Moreover, if FortiToken could improve that, maybe introduce push notifications or even eliminate the need for manually entering token keys, it could easily reach a ten out of ten.

Replacing the token key entry with a simple notification and selection option to accept/deny would be very handy and useful. Now, we have to scroll down and search for the correct FortiToken by name. 

I recommend FortiToken for all companies, especially when they connect to sensitive servers. That's why I suggest them to use it.

There haven't been any emergencies, but the response times and everything were good when I needed help.

Positive

Before FortiToken, I used Okta for authentication. For firewalls and network devices specifically, I recommend FortiToken.

The initial setup is easy. You receive a QR code via email, scan it, and add it. No complicated procedures involved.

The deployment model depends on the customers. We have different customer setups, but most are on-premises, device-based deployments.

We typically require our assistance with deployment. We manage their hardware and infrastructure, so deployment falls under our responsibility.

The pricing is not very high, so I'd rate it around six out of ten, where one is high and ten is low.

I can compare it with Microsoft's 365 authentication or other Microsoft authentication solutions, but they have different features.

Overall, I would rate the solution an eight out of ten. I recommend FortiToken to all our clients who purchase Fortinet devices, especially within banking and payment systems. 

Fortinet offers a comprehensive solution for network security, particularly with its very effective zero-trust network access approach.

The solution has many components, each with its own benefits and advantages. FortiToken is straightforward to use.

I have been using Fortinet FortiToken for six months.

More than 400 stores in Canada are using this solution.

The product itself is very good, and although I have extensive experience with Fortinet, I have not sought much support for it so far.

Positive

It's very simple: install the FortiToken app on your cell phone. When you receive the FortiToken invitation by email, open the email to view the QR code. Use your phone's camera to scan the QR code, automatically importing it into the FortiToken app. Once synchronized with the FortiToken server, you can use the app for future authentication.

It's convenient because you don't need to implement a separate FortiToken server. Traditionally, with systems like RSA, you needed a dedicated server, purchased token licenses, and assigned them individually to users. However, with Fortinet, you can use FortiGate as the FortiToken server itself. Each FortiGate license includes two free FortiTokens. If you need more tokens, you purchase additional licenses. The required tokens are automatically generated after importing the license into the FortiGate. You then assign these tokens to users and send an invitation email. The user receives the email, opens the attachment or QR code, and scans it with the FortiToken app on their phone.

If you don't have many users, the free FortiTokens included with FortiGate should be sufficient. The basic license covers up to twenty-five users. Alternatively, you can use Fortinet's FortiToken Cloud Service instead of FortiGate as the FortiToken server. This way, you don't need to have a FortiGate device.

Overall, I rate the solution a nine out of ten.

I have used the solution for VPN access.

I like that the solution integrates with FortiAuthenticator well enough.

They're just the token. So, they perform like any other token. It's a very simple thing, and it just works like any other token. There's nothing that stands out. It's just another token.

It could be integrated better if you could have your FortiToken, and the license would allow you to work across multiple FortiGate solutions. So, that'd be an improvement.

I have been using Fortinet FortiToken for six or seven years. I have a lot of customers for the solution. I have no idea what version I'm using. I just have it on my phone, and I suppose it just updates automatically with other applications that update on my phone.

I haven't had any breaks, even when I use FortiToken application on Android or iPhones

Stability-wise, I rate the solution a ten out of ten.

Scalability-wise, I rate the solution a ten out of ten.

We have customers that have 2,500 people using the solution. Also, the company that we serve has around 1,000 users.

The initial setup was straightforward.

For deployment, load the CSV of all the tokens, and then with the license, we just deploy as required for users using Fortinet's indicators, usually.

The time taken for deployment depends on how long it takes to deploy the FortiAuthenticator. We usually deploy them together. With FortiAuthenticator, or the FortinetToken or add-ons, you're looking at maybe a couple of hours to edit.

The customers need to pay for licenses. On a scale of one to ten, where one is the cheapest, and ten is the highest, I rate the pricing an eight.

It's not as expensive as some other tools, and also it's cheaper than some solutions. The fact it integrates means there are not a lot of other costs. If you're a user of FortiGate or FortiAuthenticator, it's a good price.

To make it really work, you need FortiAuthenticator, so that's an additional cost. So it is your additional cost. Relative to other solutions, it is too cheap. We won't make any money if we make it cheaper.

If you have FortiGate, I would recommend using FortiToken. But if you have Office 365 and you have the MFA, then I'd suggest you use that.

Overall, I rate the solution a nine out of ten.

All users who can log in on Fortinet have Token. We have 15 FortiTokens for the managers who are connected to the VPN and also for those who are connected to the software. It is mobile, not a hard token. That said, I have the hardware token, which is related to the administrator, me, and my assistant. It's used on software and hardware. We use it at an administrator level and at a user level. 

The solution is great for security. It's for two-factor identification.

It is easy to implement. The deployment is quick and simple. 

It is stable and reliable. 

The cost isn't too high.

The solution works well. We have nothing to complain about. 

I've been using the solution for five years. 

The stability is ecellent. I would rate it five out of five. It is reliable, and the performance is good. We do not have any issues at all. 

We have 15 FortiTokens.

We did not previously use a different solution. This was the first solution we selected. 

It is an easy product to implement. From the software or the hardware itself, from the options, we can apply FortiToken for the user and just add the hot token serial number and go.

We only need one person to deploy the solution. I tend to manage it myself. 

The deployment takes about 45 minutes for the software. It might take about ten days for the hardware to arrive from Fortigate. After that, I just install the serial key, and everything is done. 

We have not noted an ROI.

We deal with a subcontractor in Saudi Arabia to pay everything in one bill yearly. Everything is a separate license fee, and we use different Fortinet solutions. However, we pay for everything yearly, all at once.

Generally, it is an affordable product. We do not find it to be overly expensive. 

I'd rate it a five out of five in terms of affordability. 

We did not explore other options. We chose the first option we looked at, FortiToken.

We are not partners. We use it internally in the company. We are end-users. We use a lot of Fortinet products. 

Nothing has to be done from the end-user perspective; they just add the username and password, and a code appears on the Fortitoken software or hardware. 

I'd rate the solution ten out of ten. 

I'd recommend the solution to other users and companies.