Fortinet Expands Identity Security with Launch of FortiIdentity Cloud

Fortinet has transformed its authentication service with the strategic relaunch of FortiToken Cloud as FortiIdentity Cloud, marking a significant expansion from a simple two-factor authentication (2FA) service into a comprehensive cloud-native Identity and Access Management (IAM) platform. Announced in August 2025, this rebranding reflects a major shift in cybersecurity strategy, positioning identity as the central pillar of modern, perimeter-less security models. The new platform integrates seamlessly with the broader Fortinet Security Fabric, offering organizations a unified solution for Zero Trust Access (ZTA), adaptive authentication, and Single Sign-On (SSO).

According to Fortinet's official community announcement, this change represents "more than just a new label." It signals a deliberate move to address the complex identity challenges brought on by digital transformation, hybrid work, and widespread cloud adoption. FortiIdentity Cloud now serves as the cornerstone for a cohesive security strategy, where identity becomes the primary control point for accessing applications and data, moving beyond traditional network-based defenses.


Core Capabilities and Technological Advancements

1. Expanded Authentication and Access Management

FortiIdentity Cloud has significantly broadened its scope beyond its original token-based MFA functionality. It now operates as a full-fledged Identity Provider (IdP), supporting modern federated identity standards:

  • SAML and OIDC Support: It can act as a standalone IdP or an IdP proxy for third-party providers, enabling secure, standardized access to a wide array of cloud and on-premises applications.
  • Centralized Multi-Factor Authentication (MFA): The service continues to provide robust MFA, centrally managed for FortiGate firewalls and other integrated applications. It supports diverse methods including Mobile OTP (via the FortiToken Mobile app), SMS/email OTP, hardware tokens, and modern FIDO2 security keys for phishing-resistant, passwordless authentication.
  • Adaptive and Risk-Based Policies: A key advancement is the ability to configure adaptive authentication policies. Access decisions can now be dynamically adjusted based on login context, such as user behavior, device security posture, geographic location, and network risk, providing stronger security without hindering legitimate user productivity.

2. Seamless Integration and Simplified Management

A primary design goal of FortiIdentity Cloud is to reduce complexity and operational overhead:

  • Unified Security Fabric Integration: The platform is engineered to work natively with Fortinet's ecosystem, including FortiGate Next-Generation Firewalls, FortiSASE, and FortiAuthenticator. This creates a consistent policy enforcement framework across network and identity layers.
  • Cloud-Native and Hardware-Free: As a fully managed service hosted in Fortinet data centers, it requires no additional hardware or software on the customer's end. This eliminates the need for changes to existing security policies or Access Control Lists (ACLs) during deployment.
  • Intuitive Centralized Portal: Administrators benefit from a single, intuitive web interface for managing authentication policies, users, tokens, and applications from anywhere. The platform includes features for easy provisioning, scaling, and detailed reporting, such as daily usage reports and subscription alerts.

3. Licensing and Deployment Model

FortiIdentity Cloud operates on a flexible, subscription-based licensing model, inherited and evolved from FortiToken Cloud:

  • Credit-Based System: The service uses a "credit" system where one credit equals one user-month of service. Credits are consumed based on active users.
  • Subscription SKUs: Organizations can purchase credits in scalable bundles. Historical SKUs (from the FortiToken Cloud era) included FTC-LIC-120, FTC-LIC-1200, FTC-LIC-12K, and FTC-LIC-120K, offering 120 to 120,000 user-months of service.
  • Simplified Scaling: This model allows businesses to start small and scale effortlessly by adding more credits as user counts grow, with stackable subscriptions and clear usage visibility from the admin dashboard.

Strategic Importance and Market Position

The transition to FortiIdentity Cloud is a direct response to the evolving cybersecurity landscape. In a world where the traditional network perimeter has dissolved, verifying user identity has become the most critical security control. By expanding into a full IAM platform, Fortinet enables organizations to:

  • Consolidate Security Tools: Reduce dependency on multiple point solutions by integrating SSO, adaptive MFA, and access governance into a single platform within the existing security fabric.
  • Accelerate Zero Trust Adoption: Implement a practical Zero Trust model by making continuous, context-aware identity verification the gateway to all corporate resources.
  • Enhance User Experience and Security Simultaneously: Through features like passwordless FIDO2 login and one-tap push approvals on the FortiToken Mobile app, the platform strengthens security while simplifying the login process for end-users.
  • Future-Proof Identity Strategy: The rebranding outlines a clear roadmap for future enhancements, including deeper SaaS integrations, advanced AI-driven risk analytics, and improved compliance reporting, ensuring the platform evolves with emerging threats and business needs.

For existing FortiToken Cloud customers, this is a forward-compatible evolution. All existing tokens, licenses, and configurations continue to work without disruption, providing a seamless upgrade path to more advanced identity capabilities.


Frequently Asked Questions (FAQ)

What is the difference between FortiToken Cloud and FortiIdentity Cloud?

FortiToken Cloud was primarily a cloud-managed service for Multi-Factor Authentication (MFA) tokens. FortiIdentity Cloud is its direct evolution into a comprehensive Identity and Access Management (IAM) platform. While it retains all the MFA capabilities, it adds critical features like Single Sign-On (SSO) as an Identity Provider (IdP), support for SAML/OIDC, adaptive authentication policies, and deeper integration with the Fortinet Security Fabric for Zero Trust.

Do existing FortiToken Cloud customers need to migrate or change anything?

No. Fortinet has confirmed that the change is a strategic rename and expansion. For existing customers, no migration or configuration changes are required. All current tokens, user assignments, licenses, and integrations with FortiGate or FortiAuthenticator will continue to function as before. Customers automatically gain access to the new FortiIdentity Cloud features and portal.

What authentication methods does FortiIdentity Cloud support?

The platform supports a wide range of methods to fit different security and usability needs:

  • FortiToken Mobile App: For push notifications (one-tap approve/deny) or time-based one-time password (TOTP) codes.
  • Hardware Tokens: Such as the FortiToken 200 series for OTP codes or the FIDO2-certified FortiToken 410 for passwordless authentication.
  • SMS and Email OTP: One-time codes delivered via text message or email.
  • FIDO2 WebAuthn: Passwordless authentication using hardware security keys or biometrics on compatible devices.

How does FortiIdentity Cloud integrate with other Fortinet products?

It is designed for deep integration within the Fortinet Security Fabric:

  • FortiGate NGFWs: Provides centralized MFA for firewall administrator logins, VPN user access, and web portal authentication.
  • FortiAuthenticator: Can be integrated for enhanced user directory synchronization and policy orchestration.
  • FortiSASE: Delivers consistent Identity-as-a-Service (IDaaS) and Zero Trust Network Access (ZTNA) policies for secure remote access.
  • It also integrates with third-party applications via SAML 2.0 and OpenID Connect (OIDC) protocols.

What is the licensing model for FortiIdentity Cloud?

It uses a subscription-based, credit-consumption model. You purchase a SKU (e.g., a bundle of credits), where one credit represents one user-month of service. Usage is tracked monthly, and administrators can monitor credit balance and consumption through the cloud portal. Subscriptions are stackable and scalable, allowing you to add more credits as your user base grows.

Can FortiIdentity Cloud be used for passwordless authentication?

Yes. A significant feature of the expanded platform is its support for passwordless authentication via the FIDO2/WebAuthn standard. Users can employ FIDO2 security keys (like the FortiToken 410) or platform authenticators (like biometrics on a laptop or phone) to log in without a password, offering superior security against phishing attacks.