Fortinet FortiSAT: security awareness training & phishing simulation

One cloud platform to measure, manage and reduce human cyber risk — combined training + phishing, or either on its own

FortiSAT unifies Fortinet Security Awareness Training (SAT) and FortiPhish phishing simulation into a single cloud-delivered service. Run realistic phishing campaigns, assign role-based training in 10+ languages, and turn behavioral data into per-user, per-group and organization-wide risk scores — then use those scores to wrap tighter controls around your highest-risk users in FortiMail and FortiDLP. Buy per-user subscriptions from a Canadian Fortinet specialist.

Worldwide license delivery Instant electronic delivery MSSP & managed options 100% secure checkout Expert pre-sales support
Fortinet Select Partner
FortiSAT Cloud security awareness training and phishing simulation service
3 editions
Combined, Phishing-only or Training-only
25 users
Minimum order quantity
10+ languages
Training with accessibility support
NIST · PCI-DSS · GDPR
Compliance-aligned awareness program
Jump to
What it is

What is FortiSAT?

Human error remains the primary breach vector in modern cybersecurity incidents, and email-based attacks are still one of the most successful ways attackers gain initial access — phishing routinely leads to credential theft, ransomware, business email compromise (BEC) and data exfiltration. Traditional security awareness programs check a compliance box but never quantify risk or connect to the rest of your security stack.

FortiSAT (Security Awareness Training and Phishing Simulation) is Fortinet's cloud-delivered answer. It combines FortiPhish realistic phishing simulation with a structured Security Awareness Training library, then analyzes behavioral data from simulations, user interactions and training completion to generate dynamic risk scores for every user, group and the whole organization. Security teams get clear visibility into high-risk individuals and departments — and can push those risk scores across the Fortinet Security Fabric to apply stricter inspection, sandboxing or isolation in FortiMail and tighter monitoring in FortiDLP, so the highest-risk users automatically get the strongest safeguards.

Realistic phishing simulation

Pre-built and custom email & QR-code phishing templates modeled on real-world threats from FortiGuard Labs, with credential-harvesting landing pages and full action tracking.

Security awareness training

Comprehensive enterprise training library with micro- and nano-learning modules, role-based assignments, and remedial content in 10+ languages.

Behavioral risk scoring

Turns simulation results, user interactions and training completion into dynamic risk scores for users, groups and the organization to prioritize remediation.

Smart Groups

Dynamic groups auto-organize users by risk score, phishing failures, department, directory attributes and training completion, refreshing regularly for targeted campaigns.

Dashboards & executive reporting

Real-time dashboards and analytics show user behavior, risk levels and compliance posture, with trend tracking and executive-ready reports.

Security Fabric integration

Feed FortiSAT risk scores into FortiMail (URL rewriting, isolation, CDR, sandboxing) and FortiDLP to wrap tighter controls around your riskiest users.

The FortiSAT workflow

How FortiSAT reduces human risk

A continuous loop of simulate, assess, educate, measure and tighten — so awareness keeps improving and your controls follow the risk.

1 · Simulate attacks

Realistic, FortiGuard-modeled phishing
  • Launch email & QR-code phishing campaigns
  • Pre-built, event-based or custom templates
  • Credential-harvesting landing pages

2 · Assess behavior

Find high-risk users & departments
  • Track opens, clicks, replies, submissions
  • Score susceptibility at user/group/org level
  • Surface organizational trends

3 · Educate & remediate

Targeted, automatic training
  • Assign role-based training modules
  • Auto-enroll users who fail a phishing test
  • Reinforce secure behavior over time

4 · Measure reduction

Prove improvement
  • Track awareness & resilience trends
  • Executive and compliance reporting
  • Benchmark risk over time

5 · Tighten controls

Risk-based protection
  • Push risk scores to FortiMail & FortiDLP
  • Apply isolation, CDR & sandboxing to risky users
  • Strongest safeguards where they matter most
Platform capabilities

Key FortiSAT features

Phishing template library

Pre-built templates based on real-world threats, event-based templates (holiday, HR, corporate announcements) and a builder for custom phishing emails and landing pages.

QR-code phishing

Simulate modern quishing attacks and track QR scans alongside opens, clicks, replies, attachment execution and data submission.

Enterprise training library

Comprehensive Security Awareness Training with micro- and nano-learning modules and role-based, targeted assignments.

Remedial campaigns

Automatically enroll users who fail specific phishing campaigns into targeted remedial training, plus Time-of-Click training at the moment of the click.

Phish Alert Button

A one-click Phish Alert Button (PAB) add-in for Outlook and Microsoft 365 lets users report suspicious email and drives real participation.

User management & SSO

Manual/CSV provisioning, LDAP and Azure AD sync, SCIM provisioning, SSO and multifactor authentication, with automated Smart Group assignment.

10+ languages

Training modules in English (US/UK/AUS), Spanish (LATAM), French, Brazilian & European Portuguese, German, Italian and Japanese, with accessibility support.

Compliance-aligned

Supports NIST, PCI-DSS, HIPAA and GDPR security-awareness requirements with the reporting evidence auditors expect.

Right fit for the job

Which FortiSAT edition do you need?

FortiSAT is sold three ways — all cloud-delivered, per user, with FortiCare Premium support and a 25-user minimum. Pick the combined platform for the full loop, or run phishing simulation or training on its own.

Training + Phishing

Most complete · recommended
  • Phishing simulation and the full SAT library
  • Unified risk scoring across both
  • Auto-enroll failed users into remedial training

Phishing only

Test & measure susceptibility
  • FortiPhish enterprise phishing simulation
  • Email & QR-code campaigns with full tracking
  • Behavioral risk scoring

Training only

Build a cyber-aware culture
  • Enterprise SAT module library
  • Role-based micro- & nano-learning
  • 10+ languages, compliance-aligned
Side by side

FortiSAT editions compared

Sourced from the FortiSAT datasheet and Ordering Guide. All three editions include behavioral risk scoring, Smart Groups, dashboards and reporting, directory sync/SSO and FortiCare Premium 24x7 support.

CapabilityCombinedPhishing onlyTraining only
Simulated phishing campaigns (email & QR code)
Realistic credential-harvesting landing pages
Phishing tracking: open, click, reply, attachment, QR scan
Security Awareness Training module library (micro & nano)
Role-based & targeted training assignments
Auto-enroll failed users into remedial training
Time-of-Click splash-page training
Behavioral risk scoring (user / group / org)
Smart Groups (dynamic targeting)
Phish Alert Button (Outlook / M365)
Dashboards, analytics & executive reporting
User & group sync (LDAP, Azure AD, SCIM) + SSO / MFA
Feed risk scores to FortiMail / FortiDLP controls
FortiCare Premium 24x7 support
Pricing & purchase

Buy FortiSAT — per-user subscriptions

FortiSAT is licensed per user and priced by user band, with a 25-user minimum order and a choice of 1, 3 or 5-year terms. Licenses are delivered electronically worldwide, usually within hours. Expand an edition below to see the exact Fortinet SKU for your user count — then request a quote and we will price and provision it, usually the same day.

FortiSAT — Training & Phishing Simulation — SAT + phishing simulation · most complete

The complete FortiSAT platform: realistic phishing simulations plus the full Security Awareness Training (SAT) library, unified behavioral risk scoring across both, and automatic enrollment of users who fail a phishing test into remedial training. Includes FortiCare Premium 24x7 support. Minimum order 25 users; available as 1, 3 or 5-year per-user subscriptions.

User bandPer-user subscription
1 - 100 users
View productFC1-10-PHCLD-1325-02-DD
101 - 1,000 users
View productFC2-10-PHCLD-1325-02-DD
1,001 - 5,000 users
View productFC3-10-PHCLD-1325-02-DD
5,001 - 10,000 users
View productFC4-10-PHCLD-1325-02-DD
10,000+ users
View productFC5-10-PHCLD-1325-02-DD
FortiSAT — Phishing Simulation Only — FortiPhish enterprise phishing

FortiPhish enterprise phishing simulation on its own: run realistic email and QR-code phishing campaigns, track opens, clicks, replies, attachment execution and data submission, and score user susceptibility over time. Includes FortiCare Premium support. Minimum order 25 users; available as 1, 3 or 5-year per-user subscriptions.

User bandPer-user subscription
1 - 100 users
View productFC1-10-PHCLD-1262-02-DD
101 - 1,000 users
View productFC2-10-PHCLD-1262-02-DD
1,001 - 5,000 users
View productFC3-10-PHCLD-1262-02-DD
5,001 - 10,000 users
View productFC4-10-PHCLD-1262-02-DD
10,000+ users
View productFC5-10-PHCLD-1262-02-DD
FortiSAT — Training Only — Enterprise Security Awareness Training

The enterprise Security Awareness Training library on its own: role-based micro- and nano-learning modules in 10+ languages to build a cyber-aware workforce and satisfy NIST, PCI-DSS, HIPAA and GDPR awareness requirements. Includes FortiCare Premium support. Minimum order 25 users; available as 1, 3 or 5-year per-user subscriptions.

User bandPer-user subscription
1 - 100 users
View productFC1-10-PHCLD-1261-02-DD
101 - 1,000 users
View productFC2-10-PHCLD-1261-02-DD
1,001 - 5,000 users
View productFC3-10-PHCLD-1261-02-DD
5,001 - 10,000 users
View productFC4-10-PHCLD-1261-02-DD
10,000+ users
View productFC5-10-PHCLD-1261-02-DD
DataCenter360 professional services team
PROFESSIONAL SERVICES

More than the box — we deploy, manage and secure it

Every Fortinet purchase from DataCenter360.ca is backed by hands-on services across the full lifecycle — from rollout to round-the-clock protection.

Deployment, migration & projects
Design, install and cut over with zero-downtime migrations.
Managed Fortinet security
We run your FortiGate, FortiAP and Security Fabric so your team does not have to.
Security consulting & assessments
Audits, posture reviews and architecture guidance from FCP-certified experts.
Monitoring & threat detection
Continuous monitoring with alerting and rapid incident response.

Explore our professional services →

Buying from DataCenter360.ca

An authorized Fortinet specialist

Authorized Select Partner

Fortinet Select Partner and MSSP, FCP-certified. Genuine subscriptions registered correctly the first time.

Worldwide license delivery

FortiSAT is a cloud SaaS — licenses are electronic and delivered worldwide, usually within hours of purchase.

Sizing & rollout help

User count, edition, term and campaign design — we help you scope the right program before you buy.

Real security advice

Talk to an FCP-certified engineer about tying FortiSAT risk scores into FortiMail and FortiDLP.

Ready to reduce human risk with FortiSAT?

Tell us your user count and whether you want combined training + phishing, or either on its own. We will size the edition and term and quote it, usually same day.

FAQ

FortiSAT, common questions

FortiSAT is Fortinet's cloud-delivered Security Awareness Training and phishing-simulation platform. It combines FortiPhish phishing simulation with a structured Security Awareness Training library and turns behavioral data into per-user, per-group and organization-wide risk scores to measure, manage and reduce human cyber risk.

Combined (SKU family PHCLD-1325) includes both phishing simulation and the full training library with unified risk scoring and automatic remedial-training enrollment. Phishing Only (PHCLD-1262) is FortiPhish enterprise phishing simulation on its own. Training Only (PHCLD-1261) is the enterprise Security Awareness Training library on its own. All three include behavioral risk scoring and FortiCare Premium support.

FortiSAT is licensed per user, priced in five user bands (1-100, 101-1,000, 1,001-5,000, 5,001-10,000 and 10,000+), with a 25-user minimum order. Each subscription is available as a 1, 3 or 5-year term. Request a quote with your user count and edition and we will return live pricing.

The minimum order is 25 users, even though the first pricing band covers 1-100 users. Pricing per user decreases as you move up into larger user bands.

Yes. FortiSAT simulates both email and QR-code phishing and tracks user actions including open, click, reply, attachment execution, QR scan and data submission, using pre-built, event-based or fully custom templates and landing pages.

FortiSAT generates dynamic risk scores for users, groups and the organization. Those scores can be used in other Fortinet products — for example FortiMail can apply stricter controls such as URL rewriting, URL isolation, Content Disarm & Reconstruction (CDR) and sandboxing to high-risk users, and FortiDLP can increase monitoring and data-protection controls.

Training modules are available in 10+ languages with accessibility support, including English (US, UK, AUS), Spanish (LATAM), French, Brazilian Portuguese, German, Italian, European Portuguese and Japanese.

Yes. FortiSAT supports manual and CSV user provisioning, LDAP and Azure AD directory synchronization, SCIM provisioning, SSO for admins and end users, and multifactor authentication, with automated Smart Group assignment.

FortiSAT is a cloud SaaS, so there is nothing to ship — subscriptions are delivered electronically worldwide as an Authorized Fortinet Select Partner, usually within hours of purchase, and include FortiCare Premium support.

DataCenter360.ca is an Authorized Fortinet Select Partner. Specifications and capabilities shown are from the FortiSAT datasheet (FSAT-DAT-R01, March 11, 2026) and the FortiSAT Ordering Guide. Pricing is per user and delivered on quote; figures may vary with currency, term and promotions. FortiSAT, FortiPhish, FortiMail, FortiDLP, FortiCare and FortiGuard are trademarks of Fortinet, Inc.