Live deployment

Caution

If incorrectly configured, the following changes could result in being permanently locked out of the system. Please test first on a non-critical system before proceeding.

It is highly recommended that you enable a method to bypass two-factor authentication in case of misconfiguration, such as the one described in Exempt users and groups.

In the mode shown in Agent testing, the use of the token code can be bypassed by selecting the Other User login method, which bypasses both the FortiAuthenticator Agent and the requirement for an OTP. In a live system, this bypass must be prevented in order to enforce two-factor authentication. To do this:

  • Open the FortiAuthenticator Agent GUI, select Credential Provider Options, and uncheck the Permit Built-in Password Providers option.

    When the user attempts to log in again, the login dialog will be restricted to FortiAuthenticator Agent Login only.
