You can use a local authentication server to authenticate destination server user logins. FortiADC uses FortiToken Cloud as the remote authentication server which provides the security token needed for two-factor authentication on FortiADC.
To assign a FortiToken Cloud to a local server, the device must be registered on the same account as the FortiToken Cloud contracts; see Fortinet Customer Service & Support.
Note: The local authentication server does not have user-initiated password management features, so it does not easily scale to large groups of users. For large deployments, we recommend you use RADIUS or LDAP and provide instructions on your website how users can reset, recover, or change their passwords.
The FortiToken Cloud User is only supported if the Client Authentication Method in the User group configuration is HTML Form.
- Add user accounts to the local authentication server.
- Select the local authentication server configuration and username when you create user groups.
Before you begin:
- You must have Read-Write permission for System settings.
To use a local authentication server:
- Go to User Authentication > Local User.
- Click Create New to display the configuration editor.
- Complete the configuration as described in Local authentication server configuration.
- Save the configuration.
Name of the user account, such as
Do not use spaces or special characters except the ‘at’ symbol (
After you initially save the configuration, you cannot edit the name.
Specify a password. The stored password will be encrypted.
Note: FortiADC does not support FortiToken Cloud functionality in HA condition.
The email is the email address that will receive the OTP. We will send the registration information including the QR code to help the user to register on the FortiToken app.
County Dial Code
The phone of the country code.
Use this phone number to send the OTP in an SMS text message to the mobile device
FortiToken Mobile Push
Enable two-factor push notifications to your mobile app for fast and secure access.