Enabling Two-Factor Authentication
You can select the Two-Factor Authentication method at the user level or the account level. See Settings in the Organization Portal guide for information on enforcing Two-Factor Authentication at the Organization level.
To enable Two-Factor Authentication for your account:
- Click the Account menu at the top-right of portal and select Security Credentials.
-
In the navigation pane, click Two Factor Authentication. The Two Factor Authentication page opens.
-
Enable the Two-Factor Authentication option you prefer.
While email authentication is the default method, FortiToken is the recommended Two-Factor Authentication method to give your account the best security. Email accounts that already have email-based Two-Factor Authentication enabled cannot change the email address used and are encouraged to switch to FortiToken. See Switching Two-Factor Authentication methods.
SMS Two-Factor Authentication will only be available if a mobile number has been added to the account. See Contacts.
-
Click Update.
-
A verification dialog will open. The dialog that appears is dependent on the authentication method you chose. Follow the steps provided in the dialog to complete verification.
-
Click Submit.
Managing user authentication
You can edit the email address used for Two-Factor Authentication for a user in the User > User Profile tab. See Managing IAM users.
If a user has FortiToken or a third-party authenticator app enabled for Two-Factor Authentication and needs to reset it on a new device, you can temporarily change their authentication method to email. This allows the user to access their account using email authentication and re-enable the token for their new device.
To modify the Two-Factor Authentication method for a user:
- Go to Users and select the user from the list.
- Go to the Security Credentials tab.
- Under Two Factor Authentication, click Switch to Email Token.