To enhance the Microsoft Windows operating system login with the use of a OTP (i.e. the two-factor authentication token), FortiAuthenticator Agent for Microsoft Windows uses the FortiAuthenticator REST API. To use the REST API, a key is required which must be generated before installing the desktop agent software.
REST API admin access must be enabled on the FortiAuthenticator interface. To enable REST API on an interface, go to System > Network > Interfaces, edit the interface, and enable the REST API (/api) option.
Generating an API key requires a working email configuration. Before proceeding, configure and test an email server in System > Messages > SMTP Servers and set it as active in System > Messages > Email Services.
- Log into FortiAuthenticator.
- Edit the admin user in Authentication > User Management > Local Users and enable Web Service Access in the Role section. Click OK and an email containing the API Key for that user will be sent.
The required users should be imported via LDAP and assigned a FortiToken with which to authenticate before proceeding.