
FortiDLP Agent Deployment Guide

Generating FortiDLP Agent enrollment tokens

You must install and enroll the FortiDLP Agent on each device your organization wants to monitor. To get started, you will need to create an enrollment token.

When you create an enrollment token, you simultaneously create an enrollment code and enrollment bundle. The code and bundle contain configuration details for the deployment, which are required to authenticate the FortiDLP Agent on devices and enable communication with the FortiDLP Infrastructure. You can use the code or the bundle when you later complete enrollment, and the same code/bundle can be used to enroll the FortiDLP Agent on multiple devices. For more information about enrollment, see:

To limit usage, an enrollment token can have a maximum number of uses and/or an expiry. If needed, you can update a token to extend the number of uses and expiry of the associated code/bundle. For details, see Extending FortiDLP Agent enrollment tokens. Alternatively, you can generate a token with an unlimited number of uses that never expires.

Caution

Protect access to enrollment codes and bundles as you would any other credential: anyone who obtains a code or bundle can enroll a device and thereby gain unauthorized access to the system. Where possible, prefer tokens with a limited number of uses and an expiry date, and extend them only when needed.

How to generate a FortiDLP Agent enrollment token
  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Under Agents, select the Agent deployment tab.
  3. Click Create new token.
  4. In the Create a new enrollment token dialog box, do the following:
    1. In the Description field, type a description to identify the token in the Enrollment tokens table.
    2. Optionally, to assign labels to the device(s) upon enrollment, in the Assign labels upon enrollment list, select one or more labels.
    3. Do one of the following:
      • To allow unlimited use of the token, leave the Unlimited uses toggle on.
      • To limit use of the token:
        1. Turn the Unlimited uses toggle off.
        2. In the Maximum number of uses menu:
          • To enroll one device with the token, leave the default value of 1.
          • To enroll multiple devices with the token, type or select the maximum number of devices that can be enrolled.
    4. Do one of the following:
      • To allow the token to be used indefinitely, leave the Never expire toggle on.
      • To set an expiry for the token:
        1. Turn the Never expire toggle off.
        2. In the Expiration date menu, select a date for the token's expiry.
    5. If you are generating a token for one device, in the User that this token belongs to menu, select the name of the user who will access the device being monitored. You can type the first few letters of the user's name to filter the list.

      Note

      Users display in this menu after you either integrate with an Entra ID or LDAP directory or manually create them using the FortiDLP API.

      For Windows devices, completing this field is optional if the user is in an LDAP directory that has already been synced with the FortiDLP Infrastructure, because the FortiDLP Agent uses the security identifier (SID) of the logged-in domain account to identify the user.

    6. Click Create.
      The enrollment code and bundle are created.
  5. In the panel of the token, do one of the following:
    • To use the code, click Copy code.
    • To use the bundle, click Download bundle.
