Administration Guide

Provisioning FortiToken Mobile

Once registered, FortiTokens need to be provisioned for users before they can be activated. In this example, you will provision a mobile token for a local user. Similar steps can be taken to assign FortiTokens to other types of users.

To create a local user and assign a FortiToken in the FortiGate GUI:
  1. Go to User & Authentication > User Definition, and click Create New. The Users/Groups Creation Wizard appears.
  2. In the User Type tab, select Local User, and click Next.

  3. In the Login Credentials tab, enter a Username and Password for the user, and click Next.

  4. In the Contact Info tab:
    1. Enable the Two-factor Authentication toggle.
    2. Select FortiToken for Authentication Type.
    3. Select a Token to assign to the user from the drop-down list.
    4. Enter the user's email address in the Email Address field. This is the email where the user will receive the QR code for activation of the FortiToken.
    5. Click Next.

  5. In the Extra Info tab, make sure the User Account Status field is set to Enabled. Optionally, assign the user to a user group by enabling the User Group toggle.

  6. Click Submit. An activation code should be sent to the created user by email or SMS, depending upon the delivery method configured above.
Note

By default, the FortiGate Email Service setting uses the server notifications.fortinet.net. To view the configuration, go to System > Settings > Email Service.

By default, the activation code expires if it is not used within the 3-day time period. The expiry period is configurable.

To configure the time period (in hours) for FortiToken Mobile, using the CLI:

config system global
    set two-factor-ftm-expiry <1-168>
end

Note

To resend the email or SMS with the activation code, refer to the Managing FortiTokens section.
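
The following is an added example, not Fortinet's code: a Python check over a configuration-backup excerpt that reports the FortiToken Mobile activation expiry and lists local users whose provisioning is incomplete. It assumes the CLI equivalents of the GUI fields above (`config user local` with `two-factor`, `fortitoken` and `email-to`), which this page does not show, and it handles only non-nested blocks; the sample configuration is constructed.

```python
SAMPLE_CONFIG = """\
config system global
    set two-factor-ftm-expiry 168
end
config user local
    edit "alice"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000001"
        set email-to "alice@example.com"
    next
    edit "bob"
        set type password
    next
    edit "carol"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000002"
    next
end
"""  # constructed sample: names, serials and addresses are placeholders

def parse_flat(text):  # flat config/edit/set blocks -> {section: {entry: {key: value}}}
    out, section, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            section, entry = line[7:], None
            out.setdefault(section, {None: {}})  # None holds settings outside any edit
        elif line.startswith("edit ") and section:
            entry = line[5:].strip('"')
            out[section][entry] = {}
        elif line in ("next", "end"):
            entry = None
        elif line.startswith("set ") and section:
            key, _, value = line[4:].partition(" ")
            out[section].setdefault(entry, {})[key] = value.strip('"')
    return out

def audit(text, default_hours=3 * 24):  # the page gives a 3-day default expiry
    cfg = parse_flat(text)
    glob = cfg.get("system global", {}).get(None, {})
    hours = int(glob.get("two-factor-ftm-expiry", default_hours))
    users = {n: u for n, u in cfg.get("user local", {}).items() if n is not None}
    findings = []
    for name, user in users.items():
        if user.get("two-factor") != "fortitoken":
            findings.append((name, "two-factor authentication not enabled"))
        elif not user.get("fortitoken"):
            findings.append((name, "no token assigned"))
        elif not user.get("email-to"):
            findings.append((name, "no email address for the activation code"))
    return hours, findings
```

Calling `audit(SAMPLE_CONFIG)` returns the expiry in hours and a list of `(user, reason)` pairs. An expiry at the top of the 1-168 range keeps an unused activation code valid in the user's mailbox for a full week.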
