FortiAuthenticator

This Integration is part of the FortiAuthenticator Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

FortiAuthenticator provides centralized authentication services. Seamless secure two-factor/OTP authentication across the organization in conjunction with FortiToken.

This integration was integrated and tested with versions 4.0 - 6.3.0 of FortiAuthenticator.

Enable API Access for admin user on FortiAuthenticator#

Steps to get the Access Key for the API authentication#

** Note: Ensure email routing is working (i.e. the FortiAuthenticator is able to send mail) beforehand as the API Key will be delivered by email.

On the FortiAuthenticator WebUI, create a new user for API or edit an existing one#

Under the Authentication > User Management, edit the user:

Under User Role, select Administrator.
Enable Web service access.
Under User Information, please ensure there's a valid email address.
Click OK to save the details.
The Web Service Access Secret Key used to authenticate to the API is emailed to the user.

Supported user types#

Local Users
LDAP Users

Configure FortiAuthenticator on Cortex XSOAR#

Navigate to Settings > Integrations > Servers & Services.
Search for FortiAuthenticator.
Click Add instance to create and configure a new integration instance.
Parameter Description Required
server_url Server URL True
credentials Username True
credentials Access Key True
insecure Trust any certificate (not secure) False
proxy Use system proxy settings False
Click Test to validate the URLs, credentials, and connection.

Parameter	Description	Required
server_url	Server URL	True
credentials	Username	True
credentials	Access Key	True
insecure	Trust any certificate (not secure)	False
proxy	Use system proxy settings	False

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

fortiauthenticator-get-user#

Input#

Argument Name	Description	Required
user_type	The user type: localusers (Local Users), ldapuser (Remote Users)	Required
email	The user's email that is defined in the User Information on FortiAuthenticator	Optional
username	The username that is defined in the User Information on FortiAuthenticator	Optional
token_serial	The serial no. of the assigned Token on FortiAuthenticator	Optional

Note: You need either an email, username, or token_serial input in order for the command to work.

Context Output#

Path	Type	Description
FortiAuthenticator.user	Unknown	The user information
FortiAuthenticator.user.id	Unknown	The user's id on FortiAuthenticator
FortiAuthenticator.user.username	Unknown	The user's username
FortiAuthenticator.user.email	Unknown	The user's email address
FortiAuthenticator.user.active	Unknown	The user's active status (true = enabled, false = disabled)
FortiAuthenticator.user.token_auth	Unknown	The token auth status
FortiAuthenticator.user.token_type	Unknown	The token type
FortiAuthenticator.user.token_serial	Unknown	The token serial number

Command Example#

!fortiauthenticator-get-user user_type=localusers [email protected]

Context Example#

{
    "FortiAuthenticator": {
        "user": {
            "active": "true",
            "email": "[email protected]",
            "id": "7",
            "username": "test_user",
            "token_auth": "true",
            "token_type": "ftm",
            "token_serial": "FTKMOB123456789A"

        }
    }
}

Human Readable Output#

FortiAuthenticator User Info#

id	username	email	active	token_auth	token_type	token_serial
7	test_user	[email protected]	true	true	ftm	FTKMOB123456789A

fortiauthenticator-update-user#

Input#

Argument Name	Description	Required
user_type	The user type: localusers (Local Users), ldapuser (Remote Users)	Required
email	The user's email that is defined in the User Information on FortiAuthenticator	Optional
username	The username that is defined in the User Information on FortiAuthenticator	Optional
active	Define user's active status: false = Disabled, true = enabled	Required

Note: You need either an email or username input in order for the command to work.

Context Output#

Path	Type	Description
FortiAuthenticator.user	Unknown	The user information
FortiAuthenticator.user.id	Unknown	The user's id on FortiAuthenticator
FortiAuthenticator.user.username	Unknown	The user's username
FortiAuthenticator.user.email	Unknown	The user's email address
FortiAuthenticator.user.active	Unknown	The user's active status (true = enabled, false = disabled)
FortiAuthenticator.user.token_auth	Unknown	The token auth status
FortiAuthenticator.user.token_type	Unknown	The token type
FortiAuthenticator.user.token_serial	Unknown	The token serial number

Command Example#

!fortiauthenticator-update-user active=false user_type=localusers [email protected]

Context Example#

{
    "FortiAuthenticator": {
        "user": {
            "active": "false",
            "email": "[email protected]",
            "id": "7",
            "username": "test_user",
            "token_auth": "true",
            "token_type": "ftm",
            "token_auth": "FTKMOB123456789A"
        }
    }
}

Human Readable Output#

Updated FortiAuthenticator User Info#

id	username	email	active	token_auth	token_type	token_serial
7	test_user	[email protected]	false	true	ftm	FTKMOB123456789A