
Admin Guide

FTM MFA settings


To configure the FTM settings of a realm:

  1. Click Settings > Realm.

  2. Select the realm.

  3. Click FTM.

  4. Set or update the parameters as described in the following table.

  5. Click Apply Changes.

Parameter

Default value

Settings
Enable Push

Click the button to enable or disable push notification.

Notification Method

From the drop-down menu, select either of the following:

  • Email—Token activation/transfer codes are sent to users' email addresses.
  • SMS—Token activation/transfer codes are sent by SMS to users' mobile phone numbers.

Note: When Notification Method is set to SMS, make sure that the users' mobile phone numbers in the system are valid. Otherwise, you will get an error when requesting a new token for users on the Users page. See Managing users.

Note: FIC deducts one credit from your credit balance for every 250 SMS messages it sends to deliver OTPs. You may experience problems sending OTPs by SMS when your credit balance is low, and you will get an error message when trying to send an OTP if there is no credit remaining on your account. In both cases, we strongly recommend that you purchase more credits before attempting to use this feature.

App PIN Required

Click the button to enable or disable this feature.

  • Disabled (default)—No app PIN is required.
  • Enable—If enabled, you must select a PIN Length and PIN Required Mode, as described below.

PIN Length

Click the down arrow and, from the drop-down menu, select one of the following:

  • 4
  • 6 (default)
  • 8

Note: PIN length refers to the number of digits contained in an app PIN.

PIN Required Type

Click the down arrow and, from the drop-down menu, select either of the following:

  • Anytime—App PIN is required all the time.
  • Unlock—If selected, end-users must have a PIN either on their device or FTM app to access FIC. If an end-user has a PIN on the device, FIC won't ask for a PIN when using FTM; if an end-user does not have a PIN on the device, FIC will ask for a PIN to use FTM.

OTP Algorithm

  • TOTP (default). No action is needed.

OTP Time Step

Click the down arrow and, from the drop-down menu, select either of the following:

  • 30 (default)
  • 60

Note: OTP Time Step refers to the frequency at which FTM token codes are updated. For example, FIC will update FTM token codes once every 30 seconds when OTP Time Step is set to 30.

OTP Validation Window

The number of time steps the validation server takes to validate OTPs.

Upon receiving an OTP from a client, the validation server computes the OTP using the shared secret key and its current timestamp (not the one used by the client) and compares the OTPs: if the OTPs are generated within the same time step, they match and the validation is successful.
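The following sketch is an added example, not Fortinet code. It shows how a TOTP validation server (RFC 6238, HMAC-SHA1) uses the time step and a validation window. Treating the window as the number of steps tolerated on either side of the server's current step is an assumption; the function names, the secret and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (time-step number)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time step that contains unix_time."""
    return hotp(secret, unix_time // step, digits)


def verify(secret, candidate, server_time, step=30, digits=6, window=0):
    """Return the step offset at which candidate matched, else None.

    Assumption: `window` steps before and after the server's own step
    are accepted; window=0 accepts only the server's current step.
    """
    current = server_time // step
    matched = None
    for drift in range(-window, window + 1):
        if current + drift < 0:
            continue
        expected = hotp(secret, current + drift, digits)
        # Constant-time comparison; keep looping so timing does not
        # reveal which step matched.
        if hmac.compare_digest(expected.encode(), candidate.encode()):
            matched = drift if matched is None else matched
    return matched


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    code = totp(secret, 59)            # client generates a code at t=59
    print(code)
    print(verify(secret, code, 59))             # same step
    print(verify(secret, code, 65))             # next step, window 0
    print(verify(secret, code, 65, window=1))   # next step, window 1
```

A wider window tolerates more clock drift between device and server, but each extra step lengthens the time an intercepted code remains usable.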

OTP Display Length

Click the down arrow and, from the drop-down menu, select either of the following:

  • 6 (default)
  • 8

Note: OTP Display Length refers to the number of digits contained in a token activation/transfer code.

Activation Expiration Time

Click above the horizontal line and specify the length of time token activation codes remain valid. Valid values range from 1 to 336 hours. The default is 72 hours.

Note: An FTM Token code must be activated within the set Activation Expiration Time. Otherwise, it will expire and you must request a new token.

Notification Templates

Token Activation Email

An email template for FIC to send token activation notifications to your end-users.

Token Transfer Email

An email template for FIC to send token transfer notifications to your end-users.

Token Activation SMS

An SMS template for FIC to send token activation notifications to your end-users.

Token Transfer SMS

An SMS template for FIC to send token transfer notifications to your end-users.
