Steps to use FortiToken Cloud

To assign FortiToken Cloud to a local or remote user using a FortiAuthenticator or FortiGate, the device must be registered on the same account as the FortiToken Cloud contracts; see Fortinet Customer Service & Support.

FortiAuthenticator can also provision tokens in bulk for multiple users on a corporate LDAP server.

The minimum required versions are:

  • FortiAuthenticator: 6.0 or later
  • FortiGate: 6.2 or later

To configure FortiToken Cloud for a local or remote user using a FortiAuthenticator:
  1. Go to Authentication > User Management > Local Users or Authentication > User Management > Remote Users.
  2. Create a new user, or edit an existing user. See User management, in the FortiAuthenticator Administration Guide, for more information.
  3. Enable Password-based authentication and define a password.
  4. Set Deliver token code by to FortiToken and enable FortiToken Cloud.
  5. Configure an email address where the user will receive the token activation key.
  6. Click OK.

To configure FortiToken Cloud for a local or remote user using a FortiGate:
  1. Go to User & Device > User Definition.
  2. Edit an existing user, or create a new user using the User/Groups Creation Wizard.
  3. Ensure that an email address is added for the user.
  4. Enable Two-factor Authentication and set Authentication Type to FortiToken Cloud.
  5. Configure the remaining settings as needed, then click OK.

To confirm that the tokens are functioning correctly:
  1. Log in at https://ftc.fortinet.com.
  2. Go to Users to view the users and their assigned tokens.

To provide tokens to multiple users on a corporate LDAP server:
  1. On the FortiAuthenticator, go to Authentication > User Management > Remote User Sync Rules.
  2. Create a new rule, or edit an existing rule. See Remote user sync rules, in the FortiAuthenticator Administration Guide, for more information.
  3. Ensure that in Token-based authentication sync priorities, FortiToken Cloud is enabled.
  4. Ensure that the Email field is set correctly; otherwise, the FortiAuthenticator will not import the users because it has no way of sending the activation keys to them.
  5. Configure the remaining settings as needed.
  6. Click OK.
  7. After the rule runs, go to Authentication > User Management > Remote Users to see a list of the users and their tokens.
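
A pre-flight check for step 4 of the LDAP procedure above, as an added example that is not part of the original Fortinet page: it parses an LDIF export of the directory and lists entries whose email attribute is missing or implausible, so they can be fixed before the sync rule runs. It assumes the rule's Email field maps to the LDAP `mail` attribute; the function names and the sample data are constructed for illustration.

```python
import base64
import re

# Constructed sample LDIF export (not from the original page).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: alice@example.com

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob

dn: uid=carol,ou=people,dc=example,dc=com
mail:: Y2Fyb2xAZXhhbXBsZS5jb20=

dn: uid=dave,ou=people,dc=example,dc=com
mail: dave-at-
 example
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 folded continuation line
        elif not raw.startswith("#"):     # skip comment lines
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.lower(), []).append(value.strip())
    return entries

def users_to_review(text, email_attr="mail"):
    """DNs of entries with no plausible address in email_attr (assumed: mail)."""
    flagged = []
    for entry in parse_ldif(text):
        values = entry.get(email_attr.lower(), [])
        if "dn" in entry and not any(EMAIL_RE.match(v) for v in values):
            flagged.append(entry["dn"][0])
    return flagged
```

Run `users_to_review()` on the output of an LDIF export of the same base DN and filter that the sync rule uses, and correct the flagged entries in the directory before enabling the rule.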
