Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Provisioning FortiToken Cloud

To assign a FortiToken Cloud to a local or remote user using a FortiGate or FortiAuthenticator, the device must be registered on the same account as the FortiToken Cloud contracts. This topic focuses on provisioning FortiToken Cloud on FortiGate. For more information about provisioning FortiToken Cloud on FortiAuthenticator, see Getting Started—FAC-FTC users.

To configure FortiToken Cloud to a local or remote user using a FortiGate:
  1. Enable the FortiToken Cloud service from the CLI:

    config system global

    set fortitoken-cloud-service enable

    end

  2. Go to User & Authentication > User Definition.
  3. Edit an existing user, or create a new user using the Users/Groups Creation Wizard.
  4. Enable the Two-factor Authentication toggle.
  5. Select FortiToken Cloud for Authentication Type.
  6. Enter the user's email address in the Email Address field. This is the email where the user will receive the QR code for activation of the FortiToken.
  7. Click OK.

To configure centralized token authentication in the cloud on the FortiGate using the CLI:
  1. Enable the FortiToken Cloud service feature:
    config system global
        set fortitoken-cloud-service enable
    end
  2. Assign the token to local users or administrators using the fortitoken-cloud option:
    config user local
        edit "guest"
            set type password
            set two-factor fortitoken-cloud   
            set email-to .........
            ...
        next
    end

The following commands can be used to manage FortiToken Cloud users:

Command

Description

diagnose ftk-cloud show users

Show all current users on the FortiToken Cloud server.

diagnose ftk-cloud delete user <username>

Delete the specified user from FortiToken Cloud.

diagnose ftk-cloud sync

Update the information on the FortiToken Cloud server after changing an email address or phone number on the FortiGate.

diagnose ftk-cloud server <server_ip>

Change the current FortiToken Cloud server. All FortiToken Cloud related operations on the FortiGate will be synchronized with the new server.

Provisioning FortiToken Cloud

To assign a FortiToken Cloud to a local or remote user using a FortiGate or FortiAuthenticator, the device must be registered on the same account as the FortiToken Cloud contracts. This topic focuses on provisioning FortiToken Cloud on FortiGate. For more information about provisioning FortiToken Cloud on FortiAuthenticator, see Getting Started—FAC-FTC users.

To configure FortiToken Cloud to a local or remote user using a FortiGate:
  1. Enable the FortiToken Cloud service from the CLI:

    config system global

    set fortitoken-cloud-service enable

    end

  2. Go to User & Authentication > User Definition.
  3. Edit an existing user, or create a new user using the Users/Groups Creation Wizard.
  4. Enable the Two-factor Authentication toggle.
  5. Select FortiToken Cloud for Authentication Type.
  6. Enter the user's email address in the Email Address field. This is the email where the user will receive the QR code for activation of the FortiToken.
  7. Click OK.

To configure centralized token authentication in the cloud on the FortiGate using the CLI:
  1. Enable the FortiToken Cloud service feature:
    config system global
        set fortitoken-cloud-service enable
    end
  2. Assign the token to local users or administrators using the fortitoken-cloud option:
    config user local
        edit "guest"
            set type password
            set two-factor fortitoken-cloud   
            set email-to .........
            ...
        next
    end

The following commands can be used to manage FortiToken Cloud users:

Command

Description

diagnose ftk-cloud show users

Show all current users on the FortiToken Cloud server.

diagnose ftk-cloud delete user <username>

Delete the specified user from FortiToken Cloud.

diagnose ftk-cloud sync

Update the information on the FortiToken Cloud server after changing an email address or phone number on the FortiGate.

diagnose ftk-cloud server <server_ip>

Change the current FortiToken Cloud server. All FortiToken Cloud related operations on the FortiGate will be synchronized with the new server.