
Administration Guide

Assigning a FortiToken to a user account

FortiTokens need to be assigned to users before they can be used for two-factor authentication. In this example, you will assign a FortiToken to a local user. Similar steps can be taken for other types of users (see Creating or editing a user). You can also assign a token to administrators and captive portal users.

To assign a FortiToken to a local user in the FortiProxy GUI:
  1. For hard tokens, ensure that you have registered and activated them. See Registering and activating a hard token.
  2. Go to User & Authentication > User Definition, and click Create New. The Users/Groups Creation Wizard appears.
  3. In the User Type tab, select Local User, and click Next.

  4. In the Login Credentials tab, enter a Username and Password for the user, and click Next.

  5. In the Contact Info tab:
    1. Enable the Two-factor Authentication toggle.
    2. Select FortiToken for Authentication Type.
    3. Select a Token to assign to the user from the dropdown list.
      Note
      • Hard tokens must be registered and activated before they appear in the dropdown list. See Registering and activating a hard token.

      • Mobile tokens are limited to the two free trial tokens on FortiProxy. You cannot add or import any other mobile tokens.

    4. Enter the user's email address in the Email Address field.

      For mobile tokens, FortiProxy will send the QR code for activation to this email.

      Note

      By default, the FortiProxy Email Service setting uses the server notifications.fortinet.net. To view the configuration, go to System > Settings > Email Service.

    5. Click Next.

  6. In the Extra Info tab, make sure the User Account Status field is set to Enabled. You can also optionally assign the user to a user group by enabling the User Group toggle.

  7. Click Submit.

    For mobile tokens, an activation code will be sent to the created user by email or SMS, depending upon the configured delivery method. By default, the activation code expires if not activated within 3 days. You can configure the expiry time period (in hours) by running the following command:

    config system global
        set two-factor-ftm-expiry <1-168>
    end

    Note

    To resend the email or SMS with the activation code, refer to the Managing FortiTokens section.

To assign a FortiToken to a local user account in the FortiProxy CLI:

config user local
    edit <username>
        set type password
        set passwd "myPassword"
        set two-factor fortitoken
        set fortitoken <serial_number>
        set email-to "username@example.com"
        set status enable
    next
end

Note

Before you can use a new FortiToken, you may need to synchronize it due to clock drift.

Users assigned a mobile token must follow the steps in Activating a mobile token to activate the mobile token before using it.
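
To check that every local user actually has a token assigned, the following added example (not Fortinet code) audits a configuration exported as text for local users without `set two-factor fortitoken` or without a token serial, and reads the configured `two-factor-ftm-expiry`. It assumes the flat `config`/`edit`/`set` syntax shown above and treats a user with no `status` line as enabled; the `disable` status value, the sample configuration, and the serial are assumptions constructed for illustration.

```python
# Constructed sample in the CLI syntax shown above; not output from a real device.
SAMPLE_CONFIG = """\
config system global
    set two-factor-ftm-expiry 24
end
config user local
    edit "alice"
        set two-factor fortitoken
        set fortitoken "EXAMPLE-SERIAL-0001"
        set status enable
    next
    edit "bob"
        set status enable
    next
    edit "carol"
        set two-factor fortitoken
    next
end
"""

def parse_sections(text):
    """Return {section: {entry: {key: value}}}; un-nested settings use entry ''."""
    sections, section, entry = {}, None, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            section, entry = line[len("config "):], ""
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line.startswith("set ") and section:
            key, _, value = line[len("set "):].partition(" ")
            sections.setdefault(section, {}).setdefault(entry, {})[key] = value.strip('"')
    return sections

def audit_two_factor(text):
    """Return (username, problem) for local users that are not disabled and lack a token."""
    findings = []
    for name, cfg in parse_sections(text).get("user local", {}).items():
        if cfg.get("status") == "disable":
            continue
        if cfg.get("two-factor") != "fortitoken":
            findings.append((name, "two-factor is not fortitoken"))
        elif not cfg.get("fortitoken"):
            findings.append((name, "no token serial assigned"))
    return findings

def ftm_expiry_hours(text):
    """Configured activation-code expiry in hours; None means the setting is absent."""
    value = parse_sections(text).get("system global", {}).get("", {}).get("two-factor-ftm-expiry")
    return int(value) if value else None
```

A `None` result from `ftm_expiry_hours` means the setting is not in the export, so the 3-day default described above applies.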
