FortiToken Mobile is an OATH compliant, event-based and time-based OTP generator for mobile devices. FortiToken Mobile produces its OTP codes in an application that you can download onto your Android or iOS mobile device without the need for a physical token.
FortiToken Mobile allows you to install multiple tokens for multi-factor authentication (MFA).
After your system administrator assigns your token, you receive a notification with an activation code and expiry date via SMS or email. If you do not activate your token by the expiry date, you must contact your system administrator so that they can reassign your token for activation.
The following instructions describe procedures when using FortiToken Mobile for iOS on an iPhone. Procedures may vary depending on your device and OS.
To activate a Fortinet or third-party token:
- On your device, open FortiToken Mobile. If this is your first time opening the application, it may prompt you to create a PIN for secure access to the application and tokens.
- Do one of the following:
- If you received your notification via email, select + and use the device camera to scan the token QR code in your email.
- If you received your notification via SMS, select Enter Manually, then select Fortinet or Other to add the token as a third-party token. In the Name field, enter your email address. In the Key field, enter the activation key. Select Done.
- FortiToken Mobile provisions and activates your token and generates token codes immediately. To view the OTP's digits, select the eye icon. After you open the application, FortiToken Mobile generates a new six-digit OTP every 30 seconds. All configured tokens display on the app's homescreen.
The MFA process commonly involves:
A third factor of authentication may also be added to the authentication process:
To use FortiToken Mobile tokens:
- Open FortiToken Mobile.
- Tap and hold on the OTP code to copy the OTP.
- Go to where you need to present the token's OTP, such as the FortiClient VPN client or an online portal page.
- Paste the OTP and log in to pass the 2FA authentication process.