Fortinet Document Library

Version:

Version:


Table of Contents

Download PDF
Copy Link

Live deployment

Caution

If incorrectly configured, the following changes could result in being permanently locked out of the system. Please test first on a non-critical system before proceeding.

It is highly recommended that a method to bypass two-factor authentication in the case of misconfiguration is enabled such as that described in Exempt users and groups.

In the mode shown in Agent testing, the use of the token code can be bypassed by selecting the Other User login method, bypassing the FortiAuthenticator Agent, and the requirement for a OTP. In a live system, it would be necessary to prevent this bypass in order to enforce two-factor authentication. To do this:

  • Open the FortiAuthenticator Agent GUI, select Credential Provider Options, and uncheck the Permit Built-in Password Providers option.

    When the user attempts to log in again, the login dialog will be restricted to FortiAuthenticator Agent Login only.

Live deployment

Caution

If incorrectly configured, the following changes could result in being permanently locked out of the system. Please test first on a non-critical system before proceeding.

It is highly recommended that a method to bypass two-factor authentication in the case of misconfiguration is enabled such as that described in Exempt users and groups.

In the mode shown in Agent testing, the use of the token code can be bypassed by selecting the Other User login method, bypassing the FortiAuthenticator Agent, and the requirement for a OTP. In a live system, it would be necessary to prevent this bypass in order to enforce two-factor authentication. To do this:

  • Open the FortiAuthenticator Agent GUI, select Credential Provider Options, and uncheck the Permit Built-in Password Providers option.

    When the user attempts to log in again, the login dialog will be restricted to FortiAuthenticator Agent Login only.