A company must integrate the FortiClient EMS with their existing identity management infrastructure for user authentication, and implement and enforce administrative access with multi-factor authentication (MFA). Which two authentication methods can they use in this scenario? (Choose two answers)

A. LDAPS
B. RADIUS
C. TACACS
D. SAML

Correct Answer: B,D

Brave-Dump Clients Votes

AD 50%

BD 50%

Comments

Anonymous99 2025-08-13 16:23:06

Selected Answers: A, D

A & D is correct

mahmoud mostafa 2025-12-07 16:18:11
LDAPS is the same as ldap but over ssl on port 636 dose not support chalenging or prompoting the user for 2fa ldap &tacacs may support that in some how but radius and saml fully supports this

mahmoud mostafa 2025-12-07 16:11:18

Selected Answers: B, D

Radius & SAML are the two protocols support 2FA
while in radius the Radius server asks the authenticating user for radius attribute(OTP) to be authenticated.
and in SAML
the authentication is on FAC itself while the user was directed from SAML SP to idp (FortiAuthenticator)
Ldap dose not support that
I do not know about TACACS but it dose not.

Xavier E. Diaz 2025-12-08 00:33:24
Why B & C may be INCORRECT: B. RADIUS: While FortiGate uses RADIUS heavily, FortiClient EMS primarily uses LDAPS for its directory integration and SAML for SSO/MFA for administrators. RADIUS is typically used for network access control, not the primary administrative and user authentication integration within EMS. C. TACACS: TACACS+ is primarily used for device administration (like connecting to a router or switch) and is not the standard protocol for integrating EMS with identity management or MFA solutions. I hth