Steps to use FortiToken Cloud
To assign FortiToken Cloud to a local or remote user using a FortiAuthenticator or FortiGate, the device must be registered on the same account as the FortiToken Cloud contracts; see Fortinet Customer Service & Support.
FortiAuthenticator can also provision tokens in bulk to multiple users on a corporate LDAP server.
The minimum required versions are:
- FortiAuthenticator: 6.0 or later
- FortiGate: 6.2 or later
To configure FortiToken Cloud for a local or remote user using a FortiAuthenticator:
- Go to Authentication > User Management > Local Users or Authentication > User Management > Remote Users.
- Create a new user, or edit an existing user. See User management, in the FortiAuthenticator Administration Guide, for more information.
- Enable Password-based authentication and define a password.
- Set Deliver token code by to FortiToken and enable FortiToken Cloud.
- Configure an email address where the user will receive the token activation key.
To configure FortiToken Cloud for a local or remote user using a FortiGate:
- Go to User & Device > User Definition.
- Edit an existing user, or create a new user using the User/Groups Creation Wizard.
- Ensure that an email address is added for the user.
- Enable Two-factor Authentication and set Authentication Type to FortiToken Cloud.
- Configure the remaining settings as needed, then click OK.
To confirm that the tokens are functioning correctly:
- Log in at https://ftc.fortinet.com.
- Go to Users to view the users and their assigned tokens.
To provide tokens to multiple users on a corporate LDAP server:
- On the FortiAuthenticator, go to Authentication > User Management > Remote User Sync Rules.
- Create a new rule, or edit an existing rule. See Remote user sync rules, in the FortiAuthenticator Administration Guide, for more information.
- Ensure that in Token-based authentication sync priorities, FortiToken Cloud is enabled.
- Ensure that the Email field is set correctly; otherwise, the FortiAuthenticator will not import the users, because it has no way of sending the activation keys to them.
- Configure the remaining settings as needed.
- Click OK.
- After the rule runs, go to Authentication > User Management > Remote Users to see a list of the users and their tokens.
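Because the sync rule does not import users it cannot email an activation key to, it helps to check the directory before the rule runs. The following pre-flight check is an added example, not Fortinet code: it scans an LDIF export for entries with no usable email address. It assumes the Email field of the sync rule maps to the LDAP `mail` attribute; the function names and sample entries are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF export (not real directory data).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
cn: Bob

dn: uid=carol,ou=people,dc=example,dc=com
mail: carol-at-example.com

dn: uid=dave,ou=people,dc=example,dc=com
mail:: ZGF2ZUBleGFtcGxlLmNvbQ==
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF entry."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def users_without_usable_email(ldif_text, email_attr="mail"):
    """Return {dn: "missing" | "malformed"} for entries with no usable address."""
    problems = {}
    for entry in parse_ldif(ldif_text):
        values = [v for v in entry.get(email_attr.lower(), []) if v]
        if not values:
            problems[entry["dn"][0]] = "missing"
        elif not any(EMAIL_RE.match(v) for v in values):
            problems[entry["dn"][0]] = "malformed"
    return problems

if __name__ == "__main__":
    for dn, reason in users_without_usable_email(SAMPLE_LDIF).items():
        print(f"{reason:9} {dn}")
```

If the sync rule's Email field is mapped to a different attribute, pass that name as `email_attr`.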