Enabling Two-Factor Authentication
You can enable Two-Factor Authentication (2FA) at the user level or the account level. See Settings in the Organization Portal guide for information on enforcing 2FA at the Organization level.
To enable 2FA for your account:
- Click the Account menu at the top-right of portal and select Security Credentials.
- In the navigation pane, click Two Factor Authentication. The Two Factor Authentication page opens.
- Click Edit.
- Select Enable Two Factor Authentication.
- Select the 2FA option, FortiToken or Email. See Logging in with 2FA for the first time.
FortiToken is the recommended 2FA method to give your account the best security. FortiToken 2FA will be enforced for new email accounts. Email accounts that already have email-based 2FA enabled cannot change the email address used and are encouraged to switch to FortiToken. See Switching 2FA authentication methods.
- Click Update.
To enable 2FA at the account level and exempt users:
- Go to Account Settings > Security Settings.
- Click Edit.
- Set Enforce 2FA to Yes.
- (Optional) Exempt users from 2FA.
By adding a users to the exemption list, you are allowing the user to bypass the Two-Factor Authentication process.
- Set Enable 2FA User Exemption to Yes.
- In the 2FA User Exemption List, click the plus (+) sign. The Add User/s to 2FA User Exemption List dialog opens.
- From the Select User Type dropdown, select IAM User or Email User.
An Email User is a legacy sub user in FortiCloud. For information, see User permissions in the Asset Management Administration Guide.
- Select a users from the list and click Add.
- Click Confirm.
- Click Update.
|
|
A user can still disable 2FA at the user at the user level. However, they cannot log in to the portal until they enable it again. |
To enable 2FA for a user:
- Go to IAM users and select a user from the list.
- Click the Security Credentials tab.
- Click Two Factor Authentication.
For information, see Managing IAM users and Managing IAM user groups.