I need your help.
I have to deploy a website with content protected by two-factor authentication access. The solution bought for 2FA is FortiGate 50E with FortiToken.
The process is as follows:
1. The user types the website address in the browser.
2. FortiGate asks for username and password.
3. FortiGate asks for token code.
4. Browser displays the website.
The problem is that different content has to be displayed to different users, so the user must be authenticated somehow. For the best user experience this must be done without prompting again for credentials. So I must have the user authenticated by FortiGate with autologin to the website.
No matter whether I use a FortiGate local user or a Windows local user with RADIUS, I cannot be sure who the user behind the IP is.
I have FortiGate logs and NPS RADIUS logs, so I can match username and IP for autologin, but I cannot recognize two users connecting from one IP.
Do you have any ideas about how to recognize the user requesting access to the IIS without prompting for credentials again?
Thanks in advance guys!
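
The ambiguity described in the post, shown as an added example that is not part of the original post: matching a request's source IP against authentication events identifies a user only while exactly one login is active behind that address. The event tuples, the one-hour `SESSION_TTL` and the function names are assumptions made for illustration, not FortiGate or NPS log formats.

```python
from datetime import datetime, timedelta

# Constructed sample: (login time, username, source IP) tuples, standing in for
# fields extracted from firewall / RADIUS authentication logs.
EVENTS = [
    ("2024-01-10T09:00:00", "alice", "203.0.113.10"),
    ("2024-01-10T09:05:00", "bob",   "203.0.113.10"),  # same NAT address as alice
    ("2024-01-10T09:07:00", "carol", "198.51.100.7"),
    ("2024-01-10T06:00:00", "dave",  "198.51.100.7"),  # expired by 09:10
]

SESSION_TTL = timedelta(hours=1)  # assumed authentication timeout


def active_users(events, ip, at, ttl=SESSION_TTL):
    """Return the set of usernames with an unexpired login from `ip` at time `at`."""
    users = set()
    for ts, user, src in events:
        started = datetime.fromisoformat(ts)
        if src == ip and started <= at < started + ttl:
            users.add(user)
    return users


def resolve_user(events, ip, at, ttl=SESSION_TTL):
    """Map an IP to a user only when the mapping is unambiguous.

    Returns the username, or None when zero or several users are active
    behind the address, in which case auto-login must not happen.
    """
    users = active_users(events, ip, at, ttl)
    return next(iter(users)) if len(users) == 1 else None


if __name__ == "__main__":
    now = datetime.fromisoformat("2024-01-10T09:10:00")
    for ip in ("203.0.113.10", "198.51.100.7", "192.0.2.1"):
        print(ip, sorted(active_users(EVENTS, ip, now)), "->", resolve_user(EVENTS, ip, now))
```

Returning `None` for the shared address is the safe outcome: picking either user there would show one user's content to the other.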