Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Cookbook

    6.2.16
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.0
    6.0.0
    5.6.0
    5.4.0

    Registering hard tokens

    Registering hard tokens

    Registering FortiTokens consists of the following steps:

    1. Adding FortiTokens to FortiOS.
    2. Activating FortiTokens.
    3. Associating FortiTokens with user accounts.

    Adding FortiTokens to FortiOS

    You can add FortiTokens to FortiOS in the following ways:

    To manually add single hard token to FortiOS using the GUI:
    1. Go to User & Device > FortiTokens.
    2. Click Create New.
    3. For Type, select Hard Token.
    4. In the Serial Number field, enter one or more FortiToken serial numbers.
    5. Click OK.

    To add multiple FortiTokens to FortiOS using the CLI:

    config user fortitoken

    edit <serial_number>

    next

    edit <serial_number2>

    next

    end

    To import multiple FortiTokens to FortiOS using the GUI:
    1. Go to User & Device > FortiTokens.
    2. Click Create New.
    3. For Type, select Hard Token.
    4. Click Import. The Import Tokens section slides in on the screen.

    5. Select Serial Number File.
      Note

      Seed files are only used with FortiToken-200CD. These are special hardware tokens that come with FortiToken seeds on a CD. See the FortiToken Comprehensive Guide for details.

    6. Click Upload.
    7. Browse to the file's location on your local machine, select the file, then click OK.
    8. Click OK.

    Activating FortiTokens

    You must activate the FortiTokens before starting to use them. FortiOS requires connection to FortiGuard servers for FortiToken activation. During activation, FortiOS queries FortiGuard servers about each token's validity. Each token can only be used on a single FortiGate or FortiAuthenticator. If tokens are already registered, they are deemed invalid for re-activation on another device. FortiOS encrypts the serial number and information before sending for added security.

    To activate a FortiToken using the GUI:
    1. Go to User & Device > FortiTokens.
    2. Select the desired FortiTokens that have an Available status.
    3. Click Activate from the menu above.
    4. Click Refresh. The selected FortiTokens are activated.
    To activate a FortiToken using the CLI:

    config user fortitoken

    edit <token_serial_num>

    set status activate

    next

    end

    Associating FortiTokens with user accounts

    You can associate FortiTokens with local user or administrator accounts.

    To associate a FortiToken to a local user account using the GUI:
    1. Ensure that you have successfully added your FortiToken serial number to FortiOS and that its status is Available.
    2. Go to User & Device > User Definition. Edit the desired user account.
    3. In the Email Address field, enter the user's email address.
    4. Enable Two-factor Authentication.
    5. From the Token dropdown list, select the desired FortiToken serial number.
    6. Click OK.
    To associate a FortiToken to a local user account using the CLI:

    config user local

    edit <username>

    set type password

    set passwd "myPassword"

    set two-factor fortitoken

    set fortitoken <serial_number>

    set email-to "username@example.com"

    set status enable

    next

    end

    Note

    Before you can use a new FortiToken, you may need to synchronize it due to clock drift.

    To associate a FortiToken to an administrator account, refer to the Associating a FortiToken to an administrator account section.

    Previous
    Next

    Registering hard tokens

    Registering hard tokens

    Registering FortiTokens consists of the following steps:

    1. Adding FortiTokens to FortiOS.
    2. Activating FortiTokens.
    3. Associating FortiTokens with user accounts.

    Adding FortiTokens to FortiOS

    You can add FortiTokens to FortiOS in the following ways:

    To manually add single hard token to FortiOS using the GUI:
    1. Go to User & Device > FortiTokens.
    2. Click Create New.
    3. For Type, select Hard Token.
    4. In the Serial Number field, enter one or more FortiToken serial numbers.
    5. Click OK.

    To add multiple FortiTokens to FortiOS using the CLI:

    config user fortitoken

    edit <serial_number>

    next

    edit <serial_number2>

    next

    end

    To import multiple FortiTokens to FortiOS using the GUI:
    1. Go to User & Device > FortiTokens.
    2. Click Create New.
    3. For Type, select Hard Token.
    4. Click Import. The Import Tokens section slides in on the screen.

    5. Select Serial Number File.
      Note

      Seed files are only used with FortiToken-200CD. These are special hardware tokens that come with FortiToken seeds on a CD. See the FortiToken Comprehensive Guide for details.

    6. Click Upload.
    7. Browse to the file's location on your local machine, select the file, then click OK.
    8. Click OK.

    Activating FortiTokens

    You must activate the FortiTokens before starting to use them. FortiOS requires connection to FortiGuard servers for FortiToken activation. During activation, FortiOS queries FortiGuard servers about each token's validity. Each token can only be used on a single FortiGate or FortiAuthenticator. If tokens are already registered, they are deemed invalid for re-activation on another device. FortiOS encrypts the serial number and information before sending for added security.

    To activate a FortiToken using the GUI:
    1. Go to User & Device > FortiTokens.
    2. Select the desired FortiTokens that have an Available status.
    3. Click Activate from the menu above.
    4. Click Refresh. The selected FortiTokens are activated.
    To activate a FortiToken using the CLI:

    config user fortitoken

    edit <token_serial_num>

    set status activate

    next

    end

    Associating FortiTokens with user accounts

    You can associate FortiTokens with local user or administrator accounts.

    To associate a FortiToken to a local user account using the GUI:
    1. Ensure that you have successfully added your FortiToken serial number to FortiOS and that its status is Available.
    2. Go to User & Device > User Definition. Edit the desired user account.
    3. In the Email Address field, enter the user's email address.
    4. Enable Two-factor Authentication.
    5. From the Token dropdown list, select the desired FortiToken serial number.
    6. Click OK.
    To associate a FortiToken to a local user account using the CLI:

    config user local

    edit <username>

    set type password

    set passwd "myPassword"

    set two-factor fortitoken

    set fortitoken <serial_number>

    set email-to "username@example.com"

    set status enable

    next

    end

    Note

    Before you can use a new FortiToken, you may need to synchronize it due to clock drift.

    To associate a FortiToken to an administrator account, refer to the Associating a FortiToken to an administrator account section.

    Previous
    Next