Configure two-factor authentication on FortiAuthenticator

To configure a remote user sync rule:
  1. Go to Authentication > User Management > Remote User Sync Rules, choose SAML and then click Create New.
  2. Configure the following settings:
    1. Name: Enter a name for the sync rule (e.g. SAML Users).
    2. Remote SAML server: Select the previously configured remote SAML server.
  3. Configure the token-based sync priority settings under Synchronization Attributes by enabling and ordering the authentication sync priorities.
  4. This example scenario uses FortiToken Cloud for two-factor authentication, so the priority is FortiToken Cloud followed by None (users are synced explicitly with no token-based authentication).

  5. Select or create a user group to associate users with from the dropdown menu.
  6. In SAML User Mapping Attributes, set the Username field to sAMAccountName.
  7. The remaining settings can be configured to your preference or left in their default state.
  8. Click OK to save your changes when completed.

To configure remote users with two-factor authentication:
  1. Go to Authentication > User Management > Remote Users and Import users from the remote SAML account.
  2. Edit a user and enable One-Time Password (OTP) authentication, and select FortiToken > Cloud as the delivery method.
  3. Click OK to save your changes.
