Two-factor authentication
You can require two-factor authentication for a specific FortiEDR user. In this case, that user must provide additional proof in addition to his or her user name and password when logging in to FortiEDR. To verify the user’s identity, FortiEDR supports two-factor authentication using FortiToken or any third-party authentication application, such as Google Authenticator, Microsoft Authenticator, Okta, or Duo.
To require two-factor authentication on a user, check the Require two-factor authentication for this user checkbox for that user, as described in Users.
The following is an example of how a user logs in using two-factor authentication with Google Authenticator:
- When prompted with the following window during your first login, enter the user name and password and click LOGIN.
- On your mobile device, click the Google Authenticator icon to launch Google Authenticator. A QR code displays in the FortiEDR window, as shown below:
- Scan the QR code using your mobile device. A FortiEDR token appears on the mobile device, as shown below. Note that this token (code) changes every 30 seconds.
- In the FortiEDR login window, click the INSERT AUTHENTICATOR CODE button. The following window displays:
- Enter the authentication token (code) you received in step 3, and then click SUBMIT. Be sure to enter the latest code, as the code changes every 30 seconds.
You can then log in FortiEDR without two-factor authentication for seven days. FortiEDR verifies your identity every seven days by asking you for a new token. After each seven-day cycle, repeat steps 1 through 5 to authenticate yourself again. To set a different cycle on a standalone environment, please contact Fortinet Support.