Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiAuthenticator 6.6.0 Administration Guide
    6.6.0
    6.6.2
    6.6.1
    6.6.0
    6.5.5
    6.5.4
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.2
    6.2.1
    6.2.0
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.5.0
    5.4.0
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.1
    4.2.0

    Token self-provisioning

    Token self-provisioning

    User token self-provisioning allows users to set up their own FortiTokens without direct intervention of an administrator.

    To configure token self-provisioning settings, go to Authentication > Self-service Portal > Token self-provisioning.

    The following settings can be configured:

    Token Self-registration

    Allow FortiToken Hardware self-provisioning

    Enable this option if you want to allow users to self-provision their own FortiToken Hardware tokens.

    Allow FortiToken Mobile self-provisioning

    Enable this option if you want to allow mobile users to self-provision their FortiToken Mobile.

    Allow Email self-provisioning

    Enable this option if you want to allow users to self-provision their FortiToken Mobile via email.

    Allow SMS self-provisioning

    Enable this option if you want to allow users to self-provision their FortiToken Mobile via SMS.

    Allow user to request a token from Administrator at this email address

    Enable this option if you want to allow users to request a new token using an email address.

    Restrict token self-provisioning to members of specific groups

    Enable this option if you want to restrict token self provisioning only to members of selected user groups.

    Token Self-revocation

    Allow users to report a lost token to the Administrator at this email address

    Enable this option if you want to allow users to report a lost token to a specific email address.

    Allow users to temporarily use SMS token authentication if a mobile number was pre-configured

    Enable this option if you want to allow users to switch to temporary SMS based authentication. The administrator will also be notified.

    Allow users to temporarily use email token authentication if an email was pre-configured

    Enable this option if you want to allow users to switch to temporary email based authentication. The administrator will also be notified.

    Allow users to re-provision their FortiToken Mobile

    Enable this option if you want to allow mobile users to re-provision their token.

    How a user registers a token

    If enabled, a user can self-register a token from the user portal screen.

    To self-register:
    1. Browse to the IP address of the user portal and log in.
    2. Go to My Account > User > Register Token to open the token registration options.
    3. Fill in all the required fields.

      4. Only options that the administrator has configured under the Token Self-registration options are available.

    4. Select OK to register token.

      If a token is already assigned to the user, the token registration page will display the token along with its serial number.

    How a user reports a lost token

    A user can report a lost token (mobile or physical) from the user portal screen.

    To report lost token:
    1. Browse to the IP address of the user portal.
    2. Select I lost my token.

      3. The user is directed to a page warning them that their account will be locked and the administrator will be notified. Select OK to continue.

    3. Select the preferred option.

      4. Only options that the administrator has configured under the Token Self-revocation options are available.

    4. Select OK to continue.
    Previous
    Next

    Token self-provisioning

    Token self-provisioning

    User token self-provisioning allows users to set up their own FortiTokens without direct intervention of an administrator.

    To configure token self-provisioning settings, go to Authentication > Self-service Portal > Token self-provisioning.

    The following settings can be configured:

    Token Self-registration

    Allow FortiToken Hardware self-provisioning

    Enable this option if you want to allow users to self-provision their own FortiToken Hardware tokens.

    Allow FortiToken Mobile self-provisioning

    Enable this option if you want to allow mobile users to self-provision their FortiToken Mobile.

    Allow Email self-provisioning

    Enable this option if you want to allow users to self-provision their FortiToken Mobile via email.

    Allow SMS self-provisioning

    Enable this option if you want to allow users to self-provision their FortiToken Mobile via SMS.

    Allow user to request a token from Administrator at this email address

    Enable this option if you want to allow users to request a new token using an email address.

    Restrict token self-provisioning to members of specific groups

    Enable this option if you want to restrict token self provisioning only to members of selected user groups.

    Token Self-revocation

    Allow users to report a lost token to the Administrator at this email address

    Enable this option if you want to allow users to report a lost token to a specific email address.

    Allow users to temporarily use SMS token authentication if a mobile number was pre-configured

    Enable this option if you want to allow users to switch to temporary SMS based authentication. The administrator will also be notified.

    Allow users to temporarily use email token authentication if an email was pre-configured

    Enable this option if you want to allow users to switch to temporary email based authentication. The administrator will also be notified.

    Allow users to re-provision their FortiToken Mobile

    Enable this option if you want to allow mobile users to re-provision their token.

    How a user registers a token

    If enabled, a user can self-register a token from the user portal screen.

    To self-register:
    1. Browse to the IP address of the user portal and log in.
    2. Go to My Account > User > Register Token to open the token registration options.
    3. Fill in all the required fields.

      4. Only options that the administrator has configured under the Token Self-registration options are available.

    4. Select OK to register token.

      If a token is already assigned to the user, the token registration page will display the token along with its serial number.

    How a user reports a lost token

    A user can report a lost token (mobile or physical) from the user portal screen.

    To report lost token:
    1. Browse to the IP address of the user portal.
    2. Select I lost my token.

      3. The user is directed to a page warning them that their account will be locked and the administrator will be notified. Select OK to continue.

    3. Select the preferred option.

      4. Only options that the administrator has configured under the Token Self-revocation options are available.

    4. Select OK to continue.
    Previous
    Next