Fortinet black logo

Administration Guide

Home FortiEDR/XDR 5.1.0 Administration Guide
5.1.0
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0

Two-factor Authentication

Two-factor Authentication

You can require two-factor authentication for a specific FortiEDR user. In this case, that user must provide additional proof in addition to their user name and password whenever logging in to FortiEDR. In FortiEDR, two-factor authentication can be used with any third-party authentication application such as Google Authenticator, Microsoft Authenticator or Duo, in order to verify the user’s identify.

To designate that a user requires two-factor authentication, you must check the Require two-factor authentication for this user checkbox for that user, as described in Users.

To log in using two-factor authentication (in this example we use the Google Authenticator app):
  1. For a user who requires two-factor authentication to log in, the following window appears the first time that user attempts to log in.

  2. 2 Enter the user name and password and click LOGIN.

  3. After clicking LOGIN, the user’s identify must be verified using Google Authenticator. To do so, launch Google Authenticator by clicking the Google Authenticator icon on your mobile device. A QR code displays, as shown below:

  4. Scan the QR code that displays in the FortiEDR window using your mobile device. After scanning, a FortiEDR token appears on the mobile device, as shown below. Note that this token (code) changes every 30 seconds.

  5. In the FortiEDR login window, click the INSERT AUTHENTICATOR CODE button. The following window displays:

  6. Enter the authentication token (code) you received in step 4, and then click SUBMIT. Be sure to enter the latest code, as the code changes every 30 seconds.

    From this point on, the user can log in using the standard manner. Note that FortiEDR asks for a new token once every seven days. This means that you must repeat steps 1 through 6 when logging in to FortiEDR every seven days.

Previous
Next

Two-factor Authentication

You can require two-factor authentication for a specific FortiEDR user. In this case, that user must provide additional proof in addition to their user name and password whenever logging in to FortiEDR. In FortiEDR, two-factor authentication can be used with any third-party authentication application such as Google Authenticator, Microsoft Authenticator or Duo, in order to verify the user’s identify.

To designate that a user requires two-factor authentication, you must check the Require two-factor authentication for this user checkbox for that user, as described in Users.

To log in using two-factor authentication (in this example we use the Google Authenticator app):
  1. For a user who requires two-factor authentication to log in, the following window appears the first time that user attempts to log in.

  2. 2 Enter the user name and password and click LOGIN.

  3. After clicking LOGIN, the user’s identify must be verified using Google Authenticator. To do so, launch Google Authenticator by clicking the Google Authenticator icon on your mobile device. A QR code displays, as shown below:

  4. Scan the QR code that displays in the FortiEDR window using your mobile device. After scanning, a FortiEDR token appears on the mobile device, as shown below. Note that this token (code) changes every 30 seconds.

  5. In the FortiEDR login window, click the INSERT AUTHENTICATOR CODE button. The following window displays:

  6. Enter the authentication token (code) you received in step 4, and then click SUBMIT. Be sure to enter the latest code, as the code changes every 30 seconds.

    From this point on, the user can log in using the standard manner. Note that FortiEDR asks for a new token once every seven days. This means that you must repeat steps 1 through 6 when logging in to FortiEDR every seven days.

Previous
Next