Registering and activating a hard token
Hard tokens must be registered and activated before they can be assigned to a user (see Assigning a FortiToken to a user account).
Activation requires a connection to the FortiGuard servers so that FortiProxy can query them about the validity of the token. Each token can only be used on a single FortiProxy or FortiAuthenticator. Tokens that are already registered are deemed invalid for re-activation on another device. For added security, FortiProxy encrypts the serial number and information before sending it.
To register and activate hard tokens in the GUI:
- Go to User & Authentication > FortiTokens.
- Click Create New.
- In the Serial Number field, enter one or more FortiToken serial numbers.
  Alternatively, click Import and upload a serial number file or seed file.
  Seed files are only used with FortiToken-200CD. These are special hardware tokens that come with FortiToken seeds on a CD. See the FortiToken Comprehensive Guide for details.
- Click OK.
- In the token list, right-click the token(s) you just registered (with an Available status) and click Activate.
- Click Refresh. The selected hard tokens are activated.
To register individual hard tokens by serial number in the CLI:
config user fortitoken
    edit <serial_number>
    next
    edit <serial_number2>
    next
end
To import hard tokens to the FortiProxy unit via a serial number file or seed file in the CLI:
execute fortitoken import ftp <file name> <ip>[:ftp port] <Enter> <user> <password>
execute fortitoken import tftp <file name> <ip>
execute fortitoken import usb <file name>
The serial number file must be a text file with one FortiToken serial number per line. FortiToken seed files can be imported from FTP and TFTP servers, or a USB drive.
To activate hard tokens in the CLI:
config user fortitoken
    edit <token_serial_num>
        set status activate
    next
end
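The following is an added example, not part of the Fortinet documentation: a pre-import check for a serial number file (one serial per line, as required above) that also renders the registration and activation CLI blocks shown on this page. The function names, the allowed-character rule, and the sample serial numbers are assumptions made for illustration.

```python
import re

# Assumption: a serial is one run of ASCII letters and digits. The page does not
# give the format, so tighten this to match the serials printed on your tokens.
SERIAL_RE = re.compile(r"[A-Za-z0-9]+")

def parse_serial_file(text):
    """Check a one-serial-per-line file; return (serials, problems)."""
    serials, problems, first_seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # ignore blank lines
        if not SERIAL_RE.fullmatch(line):
            # Spaces, commas or CLI keywords on the line would otherwise end up
            # inside the generated "edit" statement.
            problems.append((lineno, "not a single serial number"))
        elif line in first_seen:
            problems.append((lineno, f"duplicate of line {first_seen[line]}"))
        else:
            first_seen[line] = lineno
            serials.append(line)
    return serials, problems

def build_cli(serials, activate=False):
    """Render the page's 'config user fortitoken' block for the given serials."""
    out = ["config user fortitoken"]
    for serial in serials:
        out.append(f"    edit {serial}")
        if activate:
            out.append("        set status activate")
        out.append("    next")
    out.append("end")
    return "\n".join(out)

# Constructed sample file: the serial numbers are placeholders, not real tokens.
SAMPLE = """FTKEXAMPLE000001
FTKEXAMPLE000002

FTKEXAMPLE000001
FTKEXAMPLE000003, FTKEXAMPLE000004
"""

if __name__ == "__main__":
    serials, problems = parse_serial_file(SAMPLE)
    for lineno, reason in problems:
        print(f"line {lineno}: {reason}")
    print(build_cli(serials))                 # registration block
    print(build_cli(serials, activate=True))  # activation block, run afterwards
```

Resolve every reported problem line before importing the file or pasting the generated block, since a token can only be registered on a single device.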