Fortinet black logo

New Features

Migrating FortiToken Mobile users from FortiOS to FortiToken Cloud 7.0.4

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:425212
Download PDF

Migrating FortiToken Mobile users from FortiOS to FortiToken Cloud 7.0.4

The execute fortitoken-cloud migrate-ftm <license> <vdom> command allows the migration of FortiToken Mobile users from FortiOS to FortiToken Cloud. The FortiToken Cloud account must be using a time-based subscription license. A request must be made to Fortinet Customer Service to initiate and pre-authorize the transfer. All current active FortiToken Mobile users will be migrated to the FortiToken Cloud license with no changes to the FortiToken Mobile serial number. The FortiOS user or administrator's two-factor setting is automatically converted from fortitoken to fortitoken-cloud. After migration, end users will be able to authenticate as before without any changes to their FortiToken mobile app.

To migrate FortiToken Mobile users from FortiOS to FortiToken Cloud:
  1. Ensure that the network communication to the FortiToken Cloud server is working and that the FortiGate has a valid time-based license:
    # execute fortitoken-cloud show
    FortiToken Cloud service status: licensed, service ready.
    Service balance: 100.00 users. Expiration date: 2023-01-21. Customer ID: *******. 
  2. Obtain the FortiToken Mobile license number you want to migrate. For example:
    show user fortitoken FTKMOB21********
    config user fortitoken
        edit "FTKMOB21********"
            set license "EFTM00**********"
            set activation-code ****************
            set activation-expire 1643060275
            set reg-id **********
            set os-ver "5.3.0_IOS"
        next
    end

    There is one active FortiToken Mobile user with two-factor authentication, ftm-mig1, that will be migrated:

    show system admin ftm-mig1
    config system admin
        edit "ftm-mig1"
            set accprofile "super_admin"
            set vdom "vdom1"
            set two-factor fortitoken
            set fortitoken "FTKMOB21********"
            set email-to "*****@fortinet.com"
            set password ****************
        next
    end
  3. Send a pre-authorization request to Fortinet Customer Service that contains the FortiGate serial number and FortiToken Mobile license (see Migrate FTM tokens to FortiToken Cloud for more details). Continue the migration process once you receive the migration flag from Customer Service.
  4. Start the migration process:
    # execute fortitoken-cloud migrate-ftm EFTM00********** root
    Warning: Please acknowledge that once the license and its tokens are migrated to FortiToken Cloud
     - The original FTM license gets invalidated and it cannot be reversed.
     - You will switch from perpetual to annual subscription license.
    Please contact customer support to get the migration pre-authorization
    and backup your FortiGate configuration!
    Ready to proceed? (y/n)y 

    A message appears once the migration is complete:

    1: Converted admin(ftm-mig1) for license(EFTM00**********) in vdom(root)
    License(EFTM00**********) in VDOM(root): Total 1 admin/local user(s) converted to two-factor Fortitoken-Cloud!
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB21********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration

    All FortiToken Mobile tokens are no longer valid.

To verify the user status after migration:
# diagnose fortitoken-cloud show service
FortiToken Cloud service status: licensed, service ready.
Service balance: 105.00 users. Expiration date: 2023-01-24. Customer ID: *******.
FortiToken Cloud account number of users: 1, max number of users: 105.
To verify that all users were migrated successfully:
  1. Run the diagnostic command:
    # diagnose fortitoken-cloud show users
    Number of users in fortitoken cloud: 1
     1: username:ftm-mig1 vdom:#FOS_Administrator email:*****@fortinet.com phone: realm:default userdata:0
  2. Verify the user account. The two-factor setting authentication setting has changed to FortiToken Cloud:
    config system admin
        edit "ftm-mig1"
            set accprofile "super_admin"
            set vdom "root"
            set two-factor fortitoken-cloud 
            set email-to "*****@fortinet.com"
            set password ****************
        next
    end
To verify the migration status in FortiToken Cloud:
  1. Log in to the FortiToken Cloud server (ftc.fortinet.com).
  2. In the tree menu, click the Users tab. The ftm-mig1 user appears and the serial number (Token SN) remains the same.

Migrating FortiToken Mobile users from FortiOS to FortiToken Cloud 7.0.4

The execute fortitoken-cloud migrate-ftm <license> <vdom> command allows the migration of FortiToken Mobile users from FortiOS to FortiToken Cloud. The FortiToken Cloud account must be using a time-based subscription license. A request must be made to Fortinet Customer Service to initiate and pre-authorize the transfer. All current active FortiToken Mobile users will be migrated to the FortiToken Cloud license with no changes to the FortiToken Mobile serial number. The FortiOS user or administrator's two-factor setting is automatically converted from fortitoken to fortitoken-cloud. After migration, end users will be able to authenticate as before without any changes to their FortiToken mobile app.

To migrate FortiToken Mobile users from FortiOS to FortiToken Cloud:
  1. Ensure that the network communication to the FortiToken Cloud server is working and that the FortiGate has a valid time-based license:
    # execute fortitoken-cloud show
    FortiToken Cloud service status: licensed, service ready.
    Service balance: 100.00 users. Expiration date: 2023-01-21. Customer ID: *******. 
  2. Obtain the FortiToken Mobile license number you want to migrate. For example:
    show user fortitoken FTKMOB21********
    config user fortitoken
        edit "FTKMOB21********"
            set license "EFTM00**********"
            set activation-code ****************
            set activation-expire 1643060275
            set reg-id **********
            set os-ver "5.3.0_IOS"
        next
    end

    There is one active FortiToken Mobile user with two-factor authentication, ftm-mig1, that will be migrated:

    show system admin ftm-mig1
    config system admin
        edit "ftm-mig1"
            set accprofile "super_admin"
            set vdom "vdom1"
            set two-factor fortitoken
            set fortitoken "FTKMOB21********"
            set email-to "*****@fortinet.com"
            set password ****************
        next
    end
  3. Send a pre-authorization request to Fortinet Customer Service that contains the FortiGate serial number and FortiToken Mobile license (see Migrate FTM tokens to FortiToken Cloud for more details). Continue the migration process once you receive the migration flag from Customer Service.
  4. Start the migration process:
    # execute fortitoken-cloud migrate-ftm EFTM00********** root
    Warning: Please acknowledge that once the license and its tokens are migrated to FortiToken Cloud
     - The original FTM license gets invalidated and it cannot be reversed.
     - You will switch from perpetual to annual subscription license.
    Please contact customer support to get the migration pre-authorization
    and backup your FortiGate configuration!
    Ready to proceed? (y/n)y 

    A message appears once the migration is complete:

    1: Converted admin(ftm-mig1) for license(EFTM00**********) in vdom(root)
    License(EFTM00**********) in VDOM(root): Total 1 admin/local user(s) converted to two-factor Fortitoken-Cloud!
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB21********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration
    fas_migrate_token_clear[667]: Deleted token(FTKMOB22********) and license(EFTM00**********) in vdom(root) configuration

    All FortiToken Mobile tokens are no longer valid.

To verify the user status after migration:
# diagnose fortitoken-cloud show service
FortiToken Cloud service status: licensed, service ready.
Service balance: 105.00 users. Expiration date: 2023-01-24. Customer ID: *******.
FortiToken Cloud account number of users: 1, max number of users: 105.
To verify that all users were migrated successfully:
  1. Run the diagnostic command:
    # diagnose fortitoken-cloud show users
    Number of users in fortitoken cloud: 1
     1: username:ftm-mig1 vdom:#FOS_Administrator email:*****@fortinet.com phone: realm:default userdata:0
  2. Verify the user account. The two-factor setting authentication setting has changed to FortiToken Cloud:
    config system admin
        edit "ftm-mig1"
            set accprofile "super_admin"
            set vdom "root"
            set two-factor fortitoken-cloud 
            set email-to "*****@fortinet.com"
            set password ****************
        next
    end
To verify the migration status in FortiToken Cloud:
  1. Log in to the FortiToken Cloud server (ftc.fortinet.com).
  2. In the tree menu, click the Users tab. The ftm-mig1 user appears and the serial number (Token SN) remains the same.