Fortinet black logo

Administration Guide

Add FortiToken multi-factor authentication

Add FortiToken multi-factor authentication

This configuration adds multi-factor authentication (MFA) to the FortiClient dialup VPN configuration (FortiClient as dialup client). It uses one of the two free mobile FortiTokens that is already installed on the FortiGate.

To configure MFA using the GUI:
  1. Edit the user:
    1. Go to User & Authentication > User Definition and edit local user vpnuser1.
    2. Enable Two-factor Authentication and select one mobile Token from the list,
    3. Enter the user's Email Address.
    4. Enable Send Activation Code and select Email.
    5. Click Next and click Submit.
  2. Activate the mobile token.
    1. When a FortiToken is added to user vpnuser1, an email is sent to the user's email address. Follow the instructions to install your FortiToken mobile application on your device and activate your token.
To configure MFA using the CLI:
  1. Edit the user and user group:
    config user local
        edit "vpnuser1"
            set type password
            set two-factor fortitoken
            set fortitoken <select mobile token for the option list>
            set email-to <user's email address>
            set passwd <user's password>
        next
    end
    
  2. Activate the mobile token.
    1. When a FortiToken is added to user vpnuser1, an email is sent to the user's email address. Follow the instructions to install your FortiToken mobile application on your device and activate your token.

Related Videos

sidebar video

Setting up IPSec VPN with MFA using FortiToken

  • 4,137 views
  • 3 years ago

Add FortiToken multi-factor authentication

This configuration adds multi-factor authentication (MFA) to the FortiClient dialup VPN configuration (FortiClient as dialup client). It uses one of the two free mobile FortiTokens that is already installed on the FortiGate.

To configure MFA using the GUI:
  1. Edit the user:
    1. Go to User & Authentication > User Definition and edit local user vpnuser1.
    2. Enable Two-factor Authentication and select one mobile Token from the list,
    3. Enter the user's Email Address.
    4. Enable Send Activation Code and select Email.
    5. Click Next and click Submit.
  2. Activate the mobile token.
    1. When a FortiToken is added to user vpnuser1, an email is sent to the user's email address. Follow the instructions to install your FortiToken mobile application on your device and activate your token.
To configure MFA using the CLI:
  1. Edit the user and user group:
    config user local
        edit "vpnuser1"
            set type password
            set two-factor fortitoken
            set fortitoken <select mobile token for the option list>
            set email-to <user's email address>
            set passwd <user's password>
        next
    end
    
  2. Activate the mobile token.
    1. When a FortiToken is added to user vpnuser1, an email is sent to the user's email address. Follow the instructions to install your FortiToken mobile application on your device and activate your token.