Fortinet white logo
Fortinet white logo

User Guide

Configuring a user

Configuring a user

To configure a user:
  1. Go to Security > Firewall Objects.
  2. Select User from the User & Device dropdown.
  3. Click Create or select an existing user from the list and click Edit.
  4. In the form, enter the following information:

    Settings

    Guidelines

    Type

    Select from the following:

    User Name

    Required. Enter a name for the user.

    Disable

    Enable to disable the user.

    Password

    Enter the password.

    This option is only available when Type is set to LOCAL.

    LDAP

    Select the LDAP server.

    This option is only available when Type is set to LDAP.

    Contact Information

    Email

    Enter the email address.

    Two-factor Authentication

    Select from the following:

  5. Click Save.
FortiToken

FortiToken is a disconnected one-time password (OTP) generator. It is a small physical device with a button that when pressed displays a six digit authentication code. This code is entered with a user’s user name and password as two-factor authentication. The code displayed changes every 60 seconds, and when not in use the LCD screen is blanked to extend the battery life.

There is also a mobile phone application, FortiToken Mobile, that performs much the same function.

FortiTokens have a small hole in one end. This is intended for a lanyard to be inserted so the device can be worn around the neck, or easily stored with other electronic devices. Do not put the FortiToken on a key ring as the metal ring and other metal objects can damage it. The FortiToken is an electronic device like a cell phone and must be treated with similar care.

Any time information about the FortiToken is transmitted, it is encrypted. When the FortiPortal unit receives the code that matches the serial number for a particular FortiToken, it is delivered and stored encrypted. This is in keeping with our commitment to keeping your network highly secured.

FortiTokens can be added to user accounts that are local, IPsec VPN, SSL VPN, and even Administrators.A FortiToken can be associated with only one account on one FortiPortal unit.

If you lose your FortiToken, your account can be locked so that it will not be used to falsely access the network. Later if found, that FortiToken can be unlocked on the FortiPortal unit to allow access once again.

Email based two-factor authentication

Two-factor email authentication sends a randomly generated six digit numeric code to the specified email address. Enter that code when prompted at login. This token code is valid for 60 seconds. If you enter this code after that time, it will not be accepted.

A benefit is that you do not require mobile service to authenticate. However, a potential issue is if your email server does not deliver the email before the 60 second life of the token expires.

The code will be generated and emailed at the time of login, so you must have email access at that time to be able to receive the code.

Configuring a user

Configuring a user

To configure a user:
  1. Go to Security > Firewall Objects.
  2. Select User from the User & Device dropdown.
  3. Click Create or select an existing user from the list and click Edit.
  4. In the form, enter the following information:

    Settings

    Guidelines

    Type

    Select from the following:

    User Name

    Required. Enter a name for the user.

    Disable

    Enable to disable the user.

    Password

    Enter the password.

    This option is only available when Type is set to LOCAL.

    LDAP

    Select the LDAP server.

    This option is only available when Type is set to LDAP.

    Contact Information

    Email

    Enter the email address.

    Two-factor Authentication

    Select from the following:

  5. Click Save.
FortiToken

FortiToken is a disconnected one-time password (OTP) generator. It is a small physical device with a button that when pressed displays a six digit authentication code. This code is entered with a user’s user name and password as two-factor authentication. The code displayed changes every 60 seconds, and when not in use the LCD screen is blanked to extend the battery life.

There is also a mobile phone application, FortiToken Mobile, that performs much the same function.

FortiTokens have a small hole in one end. This is intended for a lanyard to be inserted so the device can be worn around the neck, or easily stored with other electronic devices. Do not put the FortiToken on a key ring as the metal ring and other metal objects can damage it. The FortiToken is an electronic device like a cell phone and must be treated with similar care.

Any time information about the FortiToken is transmitted, it is encrypted. When the FortiPortal unit receives the code that matches the serial number for a particular FortiToken, it is delivered and stored encrypted. This is in keeping with our commitment to keeping your network highly secured.

FortiTokens can be added to user accounts that are local, IPsec VPN, SSL VPN, and even Administrators.A FortiToken can be associated with only one account on one FortiPortal unit.

If you lose your FortiToken, your account can be locked so that it will not be used to falsely access the network. Later if found, that FortiToken can be unlocked on the FortiPortal unit to allow access once again.

Email based two-factor authentication

Two-factor email authentication sends a randomly generated six digit numeric code to the specified email address. Enter that code when prompted at login. This token code is valid for 60 seconds. If you enter this code after that time, it will not be accepted.

A benefit is that you do not require mobile service to authenticate. However, a potential issue is if your email server does not deliver the email before the 60 second life of the token expires.

The code will be generated and emailed at the time of login, so you must have email access at that time to be able to receive the code.