To synchronize Active Directory users and apply two-factor authentication using FortiToken Cloud, enable two-factor authentication in the user ldap object definition in FortiOS. By default, FortiOS retrieves all Active Directory users in the LDAP server with a valid email or mobile number (mobile attributes), and synchronizes the users to FortiToken Cloud. Users are then created on FortiToken Cloud and the activation is sent out by email or SMS.
Group filters can be used to reduce the number of Active Directory users returned, so that only the users who meet the group filter criteria are synchronized.
For more information about this feature, see Synchronizing LDAP Active Directory users to FortiToken Cloud using the group filter.
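
The two cases described above, as an added example that is not part of the original page: a user ldap object with FortiToken Cloud enabled and no filter, next to the same object scoped by a group filter. The server address, DNs, bind account, object names and group name are constructed placeholders, the two-factor and two-factor-filter keywords are assumed from the FortiOS 7.x CLI and should be checked against your release, and lines beginning with # are annotations for the reader.

```fortios
# Constructed values throughout; replace with your own directory details.

# Unfiltered: every AD user under the base DN that has the required
# contact attribute is synchronized to FortiToken Cloud.
config user ldap
    edit "ad-all-users"
        set server "192.0.2.10"
        set secure ldaps
        set port 636
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=svc-fortigate,ou=Service Accounts,dc=example,dc=com"
        set password <bind-password>
        set two-factor fortitoken-cloud
    next
end

# Filtered: only users matching the LDAP filter are returned by the
# directory, so only members of the named group are synchronized.
config user ldap
    edit "ad-vpn-users"
        set server "192.0.2.10"
        set secure ldaps
        set port 636
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=svc-fortigate,ou=Service Accounts,dc=example,dc=com"
        set password <bind-password>
        set two-factor fortitoken-cloud
        set two-factor-filter "(&(objectClass=user)(memberOf=CN=VPN-Users,OU=Groups,DC=example,DC=com))"
    next
end
```

In Active Directory, a plain memberOf match covers direct members of the group only, so users who belong through a nested group are not returned by this filter.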