Enabling two-factor authentication

You can enable two-factor authentication (2FA) at the user level or the account level.

To enable 2FA at the account level:

1. Go to Account Settings.
2. Click Edit.
3. Set Enforce 2FA to Yes.
4. (Optional) Exempt users from 2FA.

   By adding a users to the exemption list, you are allowing the user to bypass the two-factor authentication process.

   1. Set Enable 2FA User Exemption to Yes.
   2. In the 2FA User Exemption List, click the plus (+) sign. The Add User/s to 2FA User Exemption List dialog opens.
   3. From the Select User Type dropdown, select IAM User or Email User.

      An Email User is a legacy sub-user in FortiCloud. For information, see User permissions in the Asset Management Administration Guide.

   4. Select a users from the list and click Add.
   5. Click Confirm.
5. Click Update.

A user can still disable 2FA at the user at the user level. However, they cannot log in to the portal until they enable it again.

To enable 2FA for a user:

1. Go to IAM users and select a user from the list.
2. Click the Security Credentials tab.
3. Click Two Factor Authentication.

For information, see Managing IAM users and Managing IAM user groups.

To enable 2FA for your account:

1. Click the Account menu at the top-right of portal and select Security Credentials.

   

2. In the navigation pane, click Two Factor Authentication. The Two Factor Authentication page opens.
3. Click Edit.
4. Select Enable Two Factor Authentication.
5. Select the 2FA option, FortiToken or Email. See Logging in with 2FA for the first time.
6. Click Update.