6.6.0

FortiAuthenticator configuration

To enhance the Microsoft Windows operating system login with an OTP (i.e. the two-factor authentication token), FortiAuthenticator Agent for Microsoft Windows uses the FortiAuthenticator REST API. Using the REST API requires a key, which must be generated before installing the desktop agent software.

Note

REST API admin access must be enabled on the FortiAuthenticator interface. To enable the REST API on an interface, go to System > Network > Interfaces, edit the interface, and enable the REST API (/api) option in Admin access under the Access Rights pane.

Generating an API key requires a working email configuration. Before proceeding, configure and test an email server in System > Messaging > SMTP Servers and set it as active in System > Messaging > Email Services.

To generate an API key:
  1. Log in to FortiAuthenticator.
  2. Go to Authentication > User Management > Local Users.
  3. From the local users list, select an administrator account with limited privileges.

    Use an administrator account with only Webservice Authentication permission set as Read&Write.

  4. In the User Role pane, enable Web service access. This allows the admin to access web services using the REST API.
  5. Click Save.
  6. In the dialog that appears, enter the password of the currently logged in administrator and click Verify.

    The User API Access Key window appears.

  7. Enable Email API Key and enter the email address where the API key is to be sent.
  8. Click OK.

    An email containing the API Key for that user will be sent.

    The required users should be imported via LDAP and assigned a FortiToken with which to authenticate before proceeding.
