Fortinet Document Library

Version:

Version:


Table of Contents

Download PDF
Copy Link

Agent configuration

Once installed the FortiAuthenticator Agent Configuration utility will automatically open. This can also be started via the Start menu.

To configure FortiAuthenticator Agent for Microsoft Windows:
  1. Launch the FortiAuthenticator Agent for Microsoft Windows.

  2. Select the General tab, and click the Two Factor Authentication > Configure button.
    Note

    The Simulation tab, shown in the image below, is used for the testing of the login process and is not used in normal operation.

  3. In the Two Factor Authentication configuration screen, configure the IP address, username and API key obtained in FortiAuthenticator Configuration.

  4. For test purposes, disable Verify Server Certificate. This can be configured once the installation has been tested and proven working.
    Tooltip

    If there is a server subject name or CA certificate file specified, enable Verify Server Certificate, delete the entries and disable Verify Server Certificate. Authentication may fail in some circumstances if this is not performed.

  5. Select the Domain tab and select the domains you want to include in the two-factor authentication process by clicking the arrow.
    Note

    FortiAuthenticator Agent for Microsoft Windows contains the default domain "." which represents the local user. You can disable local user login by including the "." domain in the list of domains included in two factor authentication. When the "." domain is not included, login is enabled for local users.

 

Agent configuration

Once installed the FortiAuthenticator Agent Configuration utility will automatically open. This can also be started via the Start menu.

To configure FortiAuthenticator Agent for Microsoft Windows:
  1. Launch the FortiAuthenticator Agent for Microsoft Windows.

  2. Select the General tab, and click the Two Factor Authentication > Configure button.
    Note

    The Simulation tab, shown in the image below, is used for the testing of the login process and is not used in normal operation.

  3. In the Two Factor Authentication configuration screen, configure the IP address, username and API key obtained in FortiAuthenticator Configuration.

  4. For test purposes, disable Verify Server Certificate. This can be configured once the installation has been tested and proven working.
    Tooltip

    If there is a server subject name or CA certificate file specified, enable Verify Server Certificate, delete the entries and disable Verify Server Certificate. Authentication may fail in some circumstances if this is not performed.

  5. Select the Domain tab and select the domains you want to include in the two-factor authentication process by clicking the arrow.
    Note

    FortiAuthenticator Agent for Microsoft Windows contains the default domain "." which represents the local user. You can disable local user login by including the "." domain in the list of domains included in two factor authentication. When the "." domain is not included, login is enabled for local users.