Set up FortiToken multi-factor authentication

This configuration adds multi-factor authentication (MFA) to the split tunnel configuration (SSL VPN split tunnel for remote user). It uses one of the two free mobile FortiTokens that is already installed on the FortiGate.

To configure MFA using the GUI:
  1. Configure a user and user group:
    1. Go to User & Authentication > User Definition and edit local user sslvpnuser1.
    2. Enable Two-factor Authentication.
    3. For Authentication Type, click FortiToken and select one mobile Token from the list.
    4. Enter the user's Email Address.
    5. Enable Send Activation Code and select Email.
    6. Click Next and click Submit.
  2. Activate the mobile token.

    When a FortiToken is added to user sslvpnuser1, an email is sent to the user's email address. Follow the instructions to install your FortiToken mobile application on your device and activate your token.

To configure MFA using the CLI:
  1. Configure a user and user group: