Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

FortiToken Cloud Provisioning

To assign a FortiToken Cloud to a local or remote user using a FortiGate or FortiAuthenticator, the device must be registered on the same account as the FortiToken Cloud contracts. This guide focuses on provisioning FortiToken Cloud on FortiGate. To know more about provisioning FortiToken Cloud on FortiAuthenticator, refer to the Getting Started—FAC-FTC users document.

To configure FortiToken Cloud to a local or remote user using a FortiGate:
  1. Enable the FortiToken Cloud service from the CLI:

    config system global

    set fortitoken-cloud-service enable

    end

  2. Go to User & Device > User Definition.
  3. Edit an existing user, or create a new user using the Users/Groups Creation Wizard.
  4. Enter the user's email address in the Email Address field. This is the email where the user will receive the QR code for activation of the FortiToken.
  5. Enable the Two-factor Authentication toggle.
  6. Select FortiToken Cloud for Authentication Type.
  7. Click OK.

To configure centralized token authentication in the cloud on the FortiGate using the CLI:
  1. Enable the FortiToken Cloud service feature:
    config system global
        set fortitoken-cloud-service enable
    end
  2. Assign the token to local users or administrators using the fortitoken-cloud option:
    config user local
        edit "guest"
            set type password
            set two-factor fortitoken-cloud   
            set email-to .........
            ...
        next
    end

The following commands can be used to manage FortiToken Cloud users:

Command

Description

diagnose ftk-cloud show users

Show all current users on the FortiToken Cloud server.

diagnose ftk-cloud delete user <username>

Delete the specified user from FortiToken Cloud.

diagnose ftk-cloud sync

Update the information on the FortiToken Cloud server after changing an email address or phone number on the FortiGate.

diagnose ftk-cloud server <server_ip>

Change the current FortiToken Cloud server. All FortiToken Cloud related operations on the FortiGate will be synchronized with the new server.

FortiToken Cloud Provisioning

To assign a FortiToken Cloud to a local or remote user using a FortiGate or FortiAuthenticator, the device must be registered on the same account as the FortiToken Cloud contracts. This guide focuses on provisioning FortiToken Cloud on FortiGate. To know more about provisioning FortiToken Cloud on FortiAuthenticator, refer to the Getting Started—FAC-FTC users document.

To configure FortiToken Cloud to a local or remote user using a FortiGate:
  1. Enable the FortiToken Cloud service from the CLI:

    config system global

    set fortitoken-cloud-service enable

    end

  2. Go to User & Device > User Definition.
  3. Edit an existing user, or create a new user using the Users/Groups Creation Wizard.
  4. Enter the user's email address in the Email Address field. This is the email where the user will receive the QR code for activation of the FortiToken.
  5. Enable the Two-factor Authentication toggle.
  6. Select FortiToken Cloud for Authentication Type.
  7. Click OK.

To configure centralized token authentication in the cloud on the FortiGate using the CLI:
  1. Enable the FortiToken Cloud service feature:
    config system global
        set fortitoken-cloud-service enable
    end
  2. Assign the token to local users or administrators using the fortitoken-cloud option:
    config user local
        edit "guest"
            set type password
            set two-factor fortitoken-cloud   
            set email-to .........
            ...
        next
    end

The following commands can be used to manage FortiToken Cloud users:

Command

Description

diagnose ftk-cloud show users

Show all current users on the FortiToken Cloud server.

diagnose ftk-cloud delete user <username>

Delete the specified user from FortiToken Cloud.

diagnose ftk-cloud sync

Update the information on the FortiToken Cloud server after changing an email address or phone number on the FortiGate.

diagnose ftk-cloud server <server_ip>

Change the current FortiToken Cloud server. All FortiToken Cloud related operations on the FortiGate will be synchronized with the new server.