Creating a secret with TOTP enabled

Here, we create a secret with TOTP enabled using the secret template configured in Configuring a secret template with TOTP.

If you require a special TOTP setting for the secret, you can:

  • Ask the administrator to change the secret TOTP setting using the CLI or change it yourself if you have the CLI permission.

  • Clone a new secret template and configure the TOTP setting according to your requirement.

To create a secret with TOTP enabled:
  1. Go to Secrets > Secret List.
  2. In Secret List, select Create.

    The Create New Secret in: dialog appears.

  3. Select the folder where you intend to add the secret.
  4. Select Create Secret.

    The New Secret window opens.

  5. Enter a name for the secret.
  6. In the Template dropdown, select the template created in Configuring a secret template with TOTP.
  7. In the Fields pane:
    1. In Username, enter a username.
    2. In URL, enter the URL for the target server.
  8. In the TOTP Setting pane:
    1. Enable TOTP Status.
    2. In Verification Code with, select FortiToken.

      If the target server uses a 3rd party TOTP solution such as Google Authenticator, select 3rd Party.

    3. When using FortiToken Mobile as the TOTP mobile application, an activation code from the FortiToken Mobile token issuer is required to activate the token. In that case, you must provide the activation code, and FortiPAM then acts as a surrogate for the FortiToken Mobile application.

      In Activation Code, enter the FortiToken Mobile activation code.

      When 3rd Party is selected in Verification Code with, enter the shared key instead.

      One of the ways you receive a shared key from a 3rd party provider is by scanning a QR code. Usually, when you enable the TOTP service, the 3rd party provider sends you a message that includes the shared key.

      For example, in the case of Google Authenticator, you receive a QR code once you enable the TOTP service. Scanning the QR code yields a string of random numbers and characters. This string is the shared key.

  9. Click Submit.

SSH authentication challenge setting

If the SSH target server requires a keyboard-interactive authentication, it requests one or more challenge responses during the authentication process.

In most cases, when a challenge/response occurs, the server asks for a password or code. The client must respond with the corresponding password or code.

In FortiPAM, password and code (TOTP or any other code) are the two built-in case-tolerant challenge patterns.

If a more specific challenge is required, you can add a new challenge pattern to FortiPAM via the CLI:

 config ssh-challenge pattern
  edit a-new-pattern
   set type password
  next
 end
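The surrogate behaviour described above, as an added Python example that is not FortiPAM code: it derives the TOTP from the base32 shared key a 3rd party provider issues (RFC 6238, HMAC-SHA1) and answers keyboard-interactive prompts by matching them against the case-tolerant challenge patterns. The pattern list, the first-match rule, the extra pattern standing in for the CLI-added one, and the prompt strings are constructed assumptions.

```python
import base64
import hashlib
import hmac
import struct


def totp(shared_key_b32: str, for_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP from the base32 shared key (the string behind the provider's QR code)."""
    k = shared_key_b32.replace(" ", "").upper()
    key = base64.b32decode(k + "=" * (-len(k) % 8))  # tolerate keys issued without padding
    counter = struct.pack(">Q", for_time // step)     # 8-byte big-endian time step
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


# Built-in patterns from the page ("password" and "code") plus one extra entry standing in
# for a pattern added via "config ssh-challenge pattern" with "set type password".
# Assumption: a pattern matches if its text occurs in the prompt, ignoring case; first match wins.
CHALLENGE_PATTERNS = [
    ("password", "password"),
    ("code", "code"),
    ("passphrase", "password"),  # hypothetical custom pattern of type password
]


def classify_prompt(prompt: str, patterns=CHALLENGE_PATTERNS):
    """Return the response type ("password" or "code") for a challenge prompt, or None."""
    lowered = prompt.lower()
    for text, kind in patterns:
        if text in lowered:
            return kind
    return None


def answer_challenges(prompts, secret, now):
    """Answer each keyboard-interactive prompt from the stored secret, as a surrogate would."""
    answers = []
    for prompt in prompts:
        kind = classify_prompt(prompt)
        if kind == "password":
            answers.append(secret["password"])
        elif kind == "code":
            answers.append(totp(secret["shared_key"], now))
        else:
            raise ValueError(f"no challenge pattern matches prompt: {prompt!r}")
    return answers


if __name__ == "__main__":
    # Constructed secret and prompts; the key is the RFC 6238 test key, not a real one.
    demo = {"password": "example-password", "shared_key": "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"}
    print(answer_challenges(["Password: ", "Verification code: "], demo, 59))
```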
