Administration Guide

Two-factor authentication in FortiPortal example

To enable 2FA for a user:
  1. Go to System > Settings > Authentication and enable two-factor authentication.

    Two-factor authentication can be enabled for a local or a remote user.

    Email information is mandatory for 2FA users.

    If the username is the email and no Tenant Identification Attribute is set, the domain part of the email will be used for tenant identification.

  2. Ensure that two-factor authentication is enabled when creating or editing an admin in System > Admins.

    For organizational users, you can enable two-factor authentication when creating a new user or editing an existing user for the organization.

  3. Log in to FortiPortal as the user with two-factor authentication enabled.

    The Activation Code window appears and an activation email is sent to the user.

  4. Click Confirm.
  5. In the Enter your Token Code window, enter the token code from the email and click Submit to log in to FortiPortal.

    Alternatively, scan the QR code image in the activation email with the FortiToken mobile application to activate it. Click Submit to log in to FortiPortal.

SSO 2FA users

If the email cannot be used as the username:

  • In the SAML server, a SAML user-defined email attribute can be used to set the user email.

  • In FortiPortal, the name of that user-defined email attribute must be configured in Email Attribute. See Authentication.
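
Because email is mandatory for 2FA users, it helps to confirm that a sample assertion from the identity provider actually carries the email before enabling 2FA for SSO users. The following check is an added example, not Fortinet code: the attribute name `userMail`, the sample assertion, and the lookup order (configured attribute first, then the NameID) are assumptions, and it does not validate the assertion signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_RE = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)$")

# Constructed sample assertion (unsigned); "userMail" is a hypothetical attribute name.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="userMail">
      <saml:AttributeValue>jdoe@customer.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def resolve_2fa_email(assertion_xml, email_attribute=None):
    """Return (email, source, domain); raise ValueError if no usable email exists.

    Assumed lookup order for this check: the configured email attribute first,
    then the NameID in case the username itself is an email address.
    The domain is the part of the email after "@", lower-cased.
    """
    # Parse only assertions you captured yourself; this is not a hardened parser.
    root = ET.fromstring(assertion_xml)
    candidates = []
    if email_attribute:
        for attr in root.iterfind(".//saml:Attribute", NS):
            if attr.get("Name") == email_attribute:
                for val in attr.iterfind("saml:AttributeValue", NS):
                    candidates.append(((val.text or "").strip(), "attribute"))
    name_id = root.find(".//saml:NameID", NS)
    if name_id is not None:
        candidates.append(((name_id.text or "").strip(), "nameid"))
    for value, source in candidates:
        match = EMAIL_RE.match(value)
        if match:
            return value, source, match.group(1).lower()
    raise ValueError("assertion carries no usable email for a 2FA user")


if __name__ == "__main__":
    print(resolve_2fa_email(SAMPLE_ASSERTION, "userMail"))
```

A `ValueError` here means the user would have no email for the activation message, so fix the IdP attribute mapping or the Email Attribute setting first.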

RADIUS 2FA users

If the email cannot be used as the username in the RADIUS server, the Fortinet-Access-Profile attribute can be used to set the email.

FortiAuthenticator users

In FortiAuthenticator, if the email cannot be used as the username, you can set the email in the User Information pane when creating or editing a user in Authentication > User Management > Local Users or Authentication > User Management > Remote Users.
