Two-factor authentication
You can require two-factor authentication for all FortiEDR users or specific users, which means those users must provide additional proof in addition to his or her user name and password when logging in to FortiEDR. To verify the user’s identity, FortiEDR supports two-factor authentication using FortiToken or any third-party authentication application, such as Google Authenticator, Microsoft Authenticator, Okta, or Duo.
-
To enforce two-factor authentication on all users, check the Require 2FA checkbox when setting up the password policy.
-
To require two-factor authentication on specific users, disable the Require 2FA checkbox in Password Policy and check the Require Two-Factor Authentication for this user checkbox for that user, as described in Users.
The following is an example of how a user logs in using two-factor authentication with Google Authenticator:
- When prompted with the following window during your first login, enter the user name and password and click LOGIN.
- On your mobile device, click the Google Authenticator icon
to launch Google Authenticator. A QR code displays in the FortiEDR window, as shown below:
- Scan the QR code using your mobile device. A FortiEDR token appears on the mobile device, as shown below. Note that this token (code) changes every 30 seconds.
- In the FortiEDR login window, click the INSERT AUTHENTICATOR CODE button. The following window displays:
- Enter the authentication token (code) you received in step 3, and then click SUBMIT. Be sure to enter the latest code, as the code changes every 30 seconds.
Depending on the 2FA prompt frequency you set up for the user(s), FortiEDR verifies the user's identity for each login or on a daily or weekly basis by asking for a new token, when the user has to repeat steps 1 through 5 to re-authenticate. To set a different cycle on a standalone environment, please contact Fortinet Support.