FortiToken Cloud Provisioning
To assign a FortiToken Cloud to a local or remote user using a FortiGate or FortiAuthenticator, the device must be registered on the same account as the FortiToken Cloud contracts. This guide focuses on provisioning FortiToken Cloud on FortiGate. To know more about provisioning FortiToken Cloud on FortiAuthenticator, refer to the Getting Started—FAC-FTC users document.
To configure FortiToken Cloud to a local or remote user using a FortiGate:
- Enable the FortiToken Cloud service from the CLI:
config system global
set fortitoken-cloud-service enable
end
- Go to User & Device > User Definition.
- Edit an existing user, or create a new user using the Users/Groups Creation Wizard.
- Enter the user's email address in the Email Address field. This is the email where the user will receive the QR code for activation of the FortiToken.
- Enable the Two-factor Authentication toggle.
- Select FortiToken Cloud for Authentication Type.
- Click OK.
To configure centralized token authentication in the cloud on the FortiGate using the CLI:
- Enable the FortiToken Cloud service feature:
config system global set fortitoken-cloud-service enable end
- Assign the token to local users or administrators using the
fortitoken-cloud
option:config user local edit "guest" set type password set two-factor fortitoken-cloud set email-to ......... ... next end
The following commands can be used to manage FortiToken Cloud users:
Command |
Description |
---|---|
|
Show all current users on the FortiToken Cloud server. |
|
Delete the specified user from FortiToken Cloud. |
|
Update the information on the FortiToken Cloud server after changing an email address or phone number on the FortiGate. |
|
Change the current FortiToken Cloud server. All FortiToken Cloud related operations on the FortiGate will be synchronized with the new server. |