Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Admin Guide

    26.2.0
    26.2.0

    Support for EU GDPR

    Support for EU GDPR

    FortiIdentity Cloud (FIC) supports EU's General Data Protection Regulation (GDPR) compliance by offering data residency in European Union (EU)-based data centers, ensuring that personal data remains within GDPR jurisdictions. It collects only minimal personal information necessary for authentication and ensures that all data is encrypted both in transit and in residency. The service supports user consent management, data access, and deletion requests in line with GDPR rights. With granular access controls, audit logging, and documented breach response procedures, FIC enables organizations to maintain accountability and transparency. Fortinet also provides Data Processing Agreements (DPAs) to clarify roles and responsibilities under the regulation.

    FIC's Support for EU GDPR enables our EU customers to select data centers located within the European Union. This regional support enhances data sovereignty, supports lawful data processing, and aligns with the GDPR's requirements for data residency, security, and user rights.

    New customers

    New EU customers can sign up directly through the eufic.fortinet.com portal by selecting EU (European Union) during sign-up to have their account provisioned for the EU region, as shown in the following screen capture. The admin can then register any new device to this account.

    Alternatively, if you have a device running on FortiOS 7.4.8, you can update the system to point to EU region and initiate the account from the FortiGate CLI:

    1. In FortiOS, run config system global.

      2. Tooltip

      Make sure that set fortitoken-cloud-region is set to eufic.fortinet.com, as shown in the following screen capture.

    2. Run execute fortitoken-cloud trial. This should set the FIC account specifically for the EU region.

    Device Migration

    Tooltip

    Existing FIC customers in EU countries with their accounts originally set up for North America cannot migrate their data or services to the EU region retroactively. Instead, they must delete end users from the devices and their FIC account, create their new accounts by selecting the EU region, and add the devices and end users to their new accounts.
    Case 1: Migrating devices from an existing account in North America to a new account in EU

    1. Delete all users on the device(s) using FIC portal. Ensure that the device(s) is/are deleted in FIC as well.

    2. Submit a request with FortiCare (support.fortinet.com) to transfer the device(s) to your new EU account.

    3. Refer to Transferring devices on FIC.

    4. After successful transferring the device(s) to your EU account, add the users to the device(s). This will synch the users and the device(s) to your new EU account.

    Case 2: Moving the same account from North America to EU

    1. Delete all users from the device(s) and FIC using FIC portal.

    2. In FortiOS 7.4.8, reset the region first before proceeding to the next steps.

    3. Run execute fortitoken cloud region-reset.

    4. Log in to eufic.fortinet.com with the same account and be sure to choose EU (European Union) when setting the region.

    5. Alternatively, in a FortiOS 7.4.8 device that is registered with the account, you can set global config to EU, and then add a user which will synch to the EU account. Other devices in the same account will now be able to synch to the EU account.

    For existing accounts using SSO application

    1. Create a new account in eufic.fortinet.com.

    2. Recreate all SSO applications, user source(s), and SSO application users in the new EU account. (Note: The same step applies to local IdP users as well.)

    Adding devices

    To add a new FortiGate device (running on FortiOS 7.4.8 or later) to an existing EUFIC account, you must first ensure that the device is registered to the same FortiCare account as the EUFIC service and then connect the FortiGate to the EUFIC region using one of the following methods in FortiOS:

    • Run the command: 

      config system global
    set fortitoken-cloud-region eufic.fortinet.com
end

    • Run the command:

      execute fortitoken-cloud region-info

      This command communicates with FortiIdentity Cloud to retrieve the account details and will automatically populate the eufic.fortinet.com region setting under config system global.

    • Create a new user with FortiToken Cloud for two-factor authentication

      When you create a new user in the FortiGate and enable it for FortiToken Cloud for two-factor authentication, the system will automatically update the fortitoken-cloud-region to eufic.fortinet.com in the global configuration.

    Previous
    Next

    Support for EU GDPR

    Support for EU GDPR

    FortiIdentity Cloud (FIC) supports EU's General Data Protection Regulation (GDPR) compliance by offering data residency in European Union (EU)-based data centers, ensuring that personal data remains within GDPR jurisdictions. It collects only minimal personal information necessary for authentication and ensures that all data is encrypted both in transit and in residency. The service supports user consent management, data access, and deletion requests in line with GDPR rights. With granular access controls, audit logging, and documented breach response procedures, FIC enables organizations to maintain accountability and transparency. Fortinet also provides Data Processing Agreements (DPAs) to clarify roles and responsibilities under the regulation.

    FIC's Support for EU GDPR enables our EU customers to select data centers located within the European Union. This regional support enhances data sovereignty, supports lawful data processing, and aligns with the GDPR's requirements for data residency, security, and user rights.

    New customers

    New EU customers can sign up directly through the eufic.fortinet.com portal by selecting EU (European Union) during sign-up to have their account provisioned for the EU region, as shown in the following screen capture. The admin can then register any new device to this account.

    Alternatively, if you have a device running on FortiOS 7.4.8, you can update the system to point to EU region and initiate the account from the FortiGate CLI:

    1. In FortiOS, run config system global.

      2. Tooltip

      Make sure that set fortitoken-cloud-region is set to eufic.fortinet.com, as shown in the following screen capture.

    2. Run execute fortitoken-cloud trial. This should set the FIC account specifically for the EU region.

    Device Migration

    Tooltip

    Existing FIC customers in EU countries with their accounts originally set up for North America cannot migrate their data or services to the EU region retroactively. Instead, they must delete end users from the devices and their FIC account, create their new accounts by selecting the EU region, and add the devices and end users to their new accounts.
    Case 1: Migrating devices from an existing account in North America to a new account in EU

    1. Delete all users on the device(s) using FIC portal. Ensure that the device(s) is/are deleted in FIC as well.

    2. Submit a request with FortiCare (support.fortinet.com) to transfer the device(s) to your new EU account.

    3. Refer to Transferring devices on FIC.

    4. After successful transferring the device(s) to your EU account, add the users to the device(s). This will synch the users and the device(s) to your new EU account.

    Case 2: Moving the same account from North America to EU

    1. Delete all users from the device(s) and FIC using FIC portal.

    2. In FortiOS 7.4.8, reset the region first before proceeding to the next steps.

    3. Run execute fortitoken cloud region-reset.

    4. Log in to eufic.fortinet.com with the same account and be sure to choose EU (European Union) when setting the region.

    5. Alternatively, in a FortiOS 7.4.8 device that is registered with the account, you can set global config to EU, and then add a user which will synch to the EU account. Other devices in the same account will now be able to synch to the EU account.

    For existing accounts using SSO application

    1. Create a new account in eufic.fortinet.com.

    2. Recreate all SSO applications, user source(s), and SSO application users in the new EU account. (Note: The same step applies to local IdP users as well.)

    Adding devices

    To add a new FortiGate device (running on FortiOS 7.4.8 or later) to an existing EUFIC account, you must first ensure that the device is registered to the same FortiCare account as the EUFIC service and then connect the FortiGate to the EUFIC region using one of the following methods in FortiOS:

    • Run the command: 

      config system global
    set fortitoken-cloud-region eufic.fortinet.com
end

    • Run the command:

      execute fortitoken-cloud region-info

      This command communicates with FortiIdentity Cloud to retrieve the account details and will automatically populate the eufic.fortinet.com region setting under config system global.

    • Create a new user with FortiToken Cloud for two-factor authentication

      When you create a new user in the FortiGate and enable it for FortiToken Cloud for two-factor authentication, the system will automatically update the fortitoken-cloud-region to eufic.fortinet.com in the global configuration.

    Previous
    Next