Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Using the local authentication server

You can use a local authentication server to authenticate destination server user logins. FortiADC uses FortiToken Cloud as the remote authentication server which provides the security token needed for two-factor authentication on FortiADC.

To assign a FortiToken Cloud to a local server, the device must be registered on the same account as the FortiToken Cloud contracts; see Fortinet Customer Service & Support.

Note: The local authentication server does not have user-initiated password management features, so it does not easily scale to large groups of users. For large deployments, we recommend you use RADIUS or LDAP and provide instructions on your website how users can reset, recover, or change their passwords.

The FortiToken Cloud User is only supported if the Client Authentication Method in the User group configuration is HTML Form.

Basic steps:
  1. Add user accounts to the local authentication server.
  2. Select the local authentication server configuration and username when you create user groups.

Before you begin:

  • You must have Read-Write permission for System settings.
To use a local authentication server:
  1. Go to User Authentication > Local User.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration as described in Local authentication server configuration.
  4. Save the configuration.

Local authentication server configuration

Settings Guidelines

Name

Name of the user account, such as user1 or user1@example.com.

Do not use spaces or special characters except the ‘at’ symbol ( @) or dot (.). The maximum length is 35 characters.

After you initially save the configuration, you cannot edit the name.

Password

Specify a password. The stored password will be encrypted.

Two-factor Authentication

  • None—Default. Use the local authentication
  • FortiToken Cloud—Enable to 2FA authentication using FortiToken Cloud service.

Email Address

The email is the email address that will receive the OTP. We will send the registration information including the QR code to help the user to register on the FortiToken app.

County Dial Code

The phone of the country code.

Phone Number

Use this phone number to send the OTP in an SMS text message to the mobile device

FortiToken Mobile Push

Enable two-factor push notifications to your mobile app for fast and secure access.

Using the local authentication server

You can use a local authentication server to authenticate destination server user logins. FortiADC uses FortiToken Cloud as the remote authentication server which provides the security token needed for two-factor authentication on FortiADC.

To assign a FortiToken Cloud to a local server, the device must be registered on the same account as the FortiToken Cloud contracts; see Fortinet Customer Service & Support.

Note: The local authentication server does not have user-initiated password management features, so it does not easily scale to large groups of users. For large deployments, we recommend you use RADIUS or LDAP and provide instructions on your website how users can reset, recover, or change their passwords.

The FortiToken Cloud User is only supported if the Client Authentication Method in the User group configuration is HTML Form.

Basic steps:
  1. Add user accounts to the local authentication server.
  2. Select the local authentication server configuration and username when you create user groups.

Before you begin:

  • You must have Read-Write permission for System settings.
To use a local authentication server:
  1. Go to User Authentication > Local User.
  2. Click Create New to display the configuration editor.
  3. Complete the configuration as described in Local authentication server configuration.
  4. Save the configuration.

Local authentication server configuration

Settings Guidelines

Name

Name of the user account, such as user1 or user1@example.com.

Do not use spaces or special characters except the ‘at’ symbol ( @) or dot (.). The maximum length is 35 characters.

After you initially save the configuration, you cannot edit the name.

Password

Specify a password. The stored password will be encrypted.

Two-factor Authentication

  • None—Default. Use the local authentication
  • FortiToken Cloud—Enable to 2FA authentication using FortiToken Cloud service.

Email Address

The email is the email address that will receive the OTP. We will send the registration information including the QR code to help the user to register on the FortiToken app.

County Dial Code

The phone of the country code.

Phone Number

Use this phone number to send the OTP in an SMS text message to the mobile device

FortiToken Mobile Push

Enable two-factor push notifications to your mobile app for fast and secure access.