I'm curious about how others handle temporary access to their networks for third-party vendors. We need this occasionally and currently offer two main options: the first is using FortiPortal with FortiToken MFA and an account linked to a specific PC, while the second is providing access via FortiClient VPN with an AD account and Duo MFA. Both methods include GPOs to limit access to specific resources. I prefer the FortiPortal method since it feels safer, but it can be a hassle since it requires two accounts. Since we only need to do this for a few vendors at a time (no more than five), I don't want to create more solutions but would love to hear thoughts on which option is better, or if my approach is outdated. Thanks for your insights!
5 Answers
Consider using Windows 365 VDIs through Intune for vendors, especially if they’re auditors.
One option is to set up a virtual host that’s isolated via firewall policies. You can control access closely and only give vendors what they actually need.
A while back, I had success with SecureLink. Nowadays, I'd recommend BeyondTrust PRA if I had to set it up again. It simplifies access management without juggling numerous vendor AD accounts or explaining FortiToken.
We built a web-based vendor portal using Zscaler, where they log in with their credentials, select the resources they need, and we can log and monitor everything they do.
How long are these access periods?

It's usually around 6-8 weeks for this case, nothing ongoing.