Add FortiToken two-factor authentication


This configuration adds two-factor authentication (2FA) to the FortiClient dialup VPN configuration (Configuring the IPsec VPN). It uses one of the two free mobile FortiTokens that are already installed on the FortiGate.

To configure 2FA using the GUI:
  1. Configure a user:
    1. Go to User & Device > User Definition and create or edit local user twoFAuser1.
    2. Enter the user's Email Address.
    3. Enable Two-factor Authentication and select one mobile Token from the list.
    4. Enable Send Activation Code and select Email.
    5. Click Next and click Submit.
  2. Add the user to the group:
    1. Go to User & Device > User Groups and edit the Employees group.
    2. Add twoFAuser1 to the Members list.
    3. Click OK.
  3. Activate the mobile token.
    1. When a FortiToken is added to user twoFAuser1, an email is sent to the user's email address. Follow the instructions to install your FortiToken mobile application on your device and activate your token.

To configure 2FA using the CLI:
  1. Configure a user and user group.
    config user local
        edit "twoFAuser1"
            set type password
            set two-factor fortitoken
            set fortitoken <select mobile token from the option list>
            set email-to <user's email address>
            set passwd <user's password>
        next
    end
    config user group
        edit "Employees"
            append member "twoFAuser1"
        next
    end
  2. Activate the mobile token.
    1. When a FortiToken is added to user twoFAuser1, an email is sent to the user's email address. Follow the instructions to install your FortiToken mobile application on your device and activate your token.
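
To confirm after the change that every member of the Employees group has a FortiToken assigned, a configuration backup can be checked offline. The Python script below is an added example, not part of the Fortinet documentation; the sample configuration, the user legacyUser and the token serial are constructed, and the parser assumes sections that contain no nested config blocks.

```python
import shlex

# Constructed sample of a FortiGate configuration backup (not from the original page).
# "legacyUser" and the token serial are placeholders made up for this example.
SAMPLE_CONFIG = '''
config user local
    edit "twoFAuser1"
        set type password
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000000"
        set email-to "user1@example.com"
    next
    edit "legacyUser"
        set type password
    next
end
config user group
    edit "Employees"
        set member "twoFAuser1" "legacyUser"
    next
end
'''

def parse_section(config, header):
    """Return {entry: {option: [values]}} for one top-level 'config ...' section."""
    entries, current, inside = {}, None, False
    for raw in config.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        if not inside:
            inside = raw.strip() == header      # skip until the section starts
        elif tokens[0] == "end" and current is None:
            break                               # end of the section
        elif tokens[0] == "edit":
            current = entries.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None:
            current[tokens[1]] = tokens[2:]
    return entries

def members_without_fortitoken(config, group):
    """List group members lacking 'set two-factor fortitoken' plus an assigned token.
    Members with no local user entry (for example remote users) are listed as well."""
    users = parse_section(config, "config user local")
    members = parse_section(config, "config user group").get(group, {}).get("member", [])
    return [m for m in members
            if users.get(m, {}).get("two-factor") != ["fortitoken"]
            or not users.get(m, {}).get("fortitoken")]
```

Any name returned for the Employees group is an account that can still authenticate to the dialup VPN with a password alone.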
