Realm
The Settings>Realm page provides tools for managing the settings of the selected realm. The page has the following tabs:
To configure or update the settings of the realm:
1. On the main menu, click Settings>Realm.
2. At the top of the page, click the down arrow, and select a realm of interest from the drop-down menu.
3. Click a desired tab to open the page for that setting, make the desired changes as described in the following tables, and click Apply Changes.
4. Repeat Step 3 above to configure or update the other settings of the realm.
General Setting
Parameter | Description |
---|---|
MFA Method | Select the method that FTC uses to further authenticate your end-users upon receiving their login credentials (i.e., username and password). |
Max Login Attempts Before Lockout | Click above the horizontal line and specify the number of failed login attempts allowed before lockout. Valid values range from 1 to 25. The default is 7. Note: FTC does not allow locked users to authenticate. Instead, it displays the message "Locked, please try again in <lockout interval> minutes." |
Lockout Period | Click above the horizontal line and specify a lockout period, which ranges from 60 to 7,200 seconds. The default is 60 seconds. |
Enable Bypass | Enable or disable bypass. Note: If Enable Bypass is disabled on the Settings page, the admin user cannot enable bypass for FTC end-users on the Users page. See Users. |
Bypass Expiration Time | (Available only when Enable Bypass is enabled.) Specify the length of time bypass remains in effect. Valid values range from 5 minutes to 72 hours. The default is 1 hour (3,600 seconds). |
Auto-alias by Email | Enable or disable the Auto-alias by Email feature. Note: The feature is disabled by default. For more information, see Enable Auto-alias by Email. |
Adaptive Auth Profile | Select an adaptive auth profile. |
Enable Auto-alias by Email
Many FTC end-users have different usernames in different applications and domains. By the same token, the same FTC end-user may have different usernames in different auth clients. For example, a user by the name of John Doe II may have the following usernames:
- user1 in VPN
- user_one in a web app
- u1 as a system admin
- user1@company.com on an email server
FTC allows different usernames to be attributed to the same user so that only one token needs to be assigned to that user. It does this by providing an Auto-alias by Email option, which, once turned on, enables FTC to automatically put different usernames in an alias if they use the same email address.
By default, Auto-alias by Email is disabled. You can enable it using the following procedure:
- On the main menu, click Settings>Realm to open the settings page of the current realm.
- Scroll down the page until you see the Auto-alias by Email option.
- Click the Auto-alias by Email button to enable it.
It is important to note that aliased users must be in the same realm. Usernames with the same email address are still set as unique users if they are in different realms, even when Auto-alias by Email is enabled.
FTM Setting
Parameter | Description |
---|---|
1. Settings | |
Enable Push | Click the button to enable or disable push notification. |
Notification Method | From the drop-down menu, select either of the following: Note: When Notification Method is set to SMS, make sure that the users' mobile phone numbers in the system are valid. Otherwise, you will get an error when requesting a new token for users on the Users page. See Users. Note: FTC deducts one credit from your credit balance for every 250 SMS messages it sends to deliver OTPs. You may experience some problems sending OTPs by SMS when your credit balance is low, and you will get an error message when trying to send an OTP if there is no credit remaining on your account. In both cases, we strongly recommend that you purchase more credits before attempting to use this feature. |
App PIN Required | Click the button to enable or disable this feature. |
PIN Length | Click the down arrow and, from the drop-down menu, select one of the following: Note: PIN length refers to the number of digits contained in an app PIN. |
PIN Required Type | Click the down arrow and, from the drop-down menu, select either of the following: |
OTP Algorithm | |
OTP Time Step | Click the down arrow and, from the drop-down menu, select either of the following: Note: OTP Time Step refers to the frequency at which FTM token codes are updated. For example, FTC will update FTM token codes once every 30 seconds when OTP Time Step is set to 30. |
OTP Validation Window | The number of time steps the validation server takes to validate OTPs. Upon receiving an OTP from a client, the validation server computes the OTP using the shared secret key and its current timestamp (not the one used by the client) and compares the OTPs: if the OTPs are generated within the same time step, they match and the validation is successful. |
OTP Display Length | Click the down arrow and, from the drop-down menu, select either of the following: Note: OTP Display Length refers to the number of digits contained in a token activation/transfer code. |
Activation Expiration Time | Click above the horizontal line and specify the length of time token activation codes remain valid. Valid values range from 1 to 336 hours. The default is 72 hours. Note: An FTM Token code must be activated within the set Activation Expiration Time. Otherwise, it will expire and you must request a new token. |
FTM Logo | This enables admin users to choose the logo image displayed at the bottom of the FTM app screen on their end-users' mobile devices. |
2. Notification Templates | Select a desired email or SMS message template for each of the following: |
Token Activation Email | An email template for FTC to send token activation notifications to your end-users. |
Token Transfer Email | An email template for FTC to send token transfer notifications to your end-users. |
Token Activation SMS | An SMS template for FTC to send token activation notifications to your end-users. |
Token Transfer SMS | An SMS template for FTC to send token transfer notifications to your end-users. |
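The interaction of the OTP Time Step and OTP Validation Window settings in the table above, shown with a generic RFC 6238 TOTP check. This is an added example, not FortiToken Cloud's code. It assumes HMAC-SHA1 and reads `window` as the number of steps accepted on either side of the server's current step; the key is the RFC 6238 test secret.

```python
import hmac
import struct

def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6,
         algo: str = "sha1") -> str:
    """RFC 6238 TOTP for the time step that contains `timestamp`."""
    counter = int(timestamp) // step                 # OTP Time Step
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)   # number of digits shown

def validate(secret: bytes, submitted: str, server_time: int,
             step: int = 30, window: int = 1, digits: int = 6):
    """Return the step drift (-window..+window) that matched, or None.

    The server recomputes the OTP from its own clock, never the client's.
    Assumption: `window` counts steps accepted on each side of the current one.
    """
    matched = None
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * step, step, digits)
        # Constant-time compare; no early exit so timing does not reveal drift.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = drift
    return matched

def acceptance_seconds(step: int, window: int) -> int:
    """Upper bound on how long one code is accepted by the server."""
    return (2 * window + 1) * step

if __name__ == "__main__":
    key = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    code = totp(key, 59)            # client generates the code at t=59 s
    print("client code:", code)
    print("same step:", validate(key, code, 59))
    print("next step, window=1:", validate(key, code, 89))
    print("next step, window=0:", validate(key, code, 89, window=0))
    print("step=60, window=2 accepts for up to", acceptance_seconds(60, 2), "s")
```

A longer time step or a wider window tolerates more clock drift between device and server, but it also lengthens the period during which an intercepted code is still accepted.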
Use a custom logo
FortiToken Cloud offers an option for admin users to upload their own logo image to replace the default Fortinet banner.
To use this feature, you must have your logo image file on your computer, and your logo image file must meet the following requirements:
- File format: Transparent PNG or JPEG
- Max image size: 150 kB, and 320 x 320 pixels
To upload your logo image:
- From the FTC GUI, select Settings.
- Under FTM Logo, click Import file.
- Browse for the logo image, select it, and click Open.
The selected image appears near the bottom of the Settings page.
If you want to restore the use of the default Fortinet logo, after uploading a custom logo image, click the Default Logo button.
Email MFA Setting
When an end-user is enabled for MFA, FTC sends a unique OTP to the end-user's email address on file. The end-user must manually copy and paste the OTP to FTC to gain access to the auth client (e.g., FGT or FAC).
Parameter | Description |
---|---|
1. Settings | |
OTP Expiration Time | Click the down arrow to select an OTP expiration time. Note: An OTP is valid only within the specified OTP expiration time, and expires beyond that. The default is 5 minutes. |
OTP Display Length | Click the down arrow to select an OTP display length, which is the number of digits displayed. The default is 6. |
2. Templates | |
OTP Template | Click the down arrow to select an OTP email template. Note: You can view the content of the selected template by clicking the view button on the right. |
SMS MFA Setting
Once an end-user is enabled for MFA, FTC sends an OTP via text message to the end-user's smartphone. Upon receiving the OTP, the end-user must enter it on the log-in page to gain access to the auth client.
Parameter | Description |
---|---|
1. Settings | |
OTP Expiration Time | Click the down arrow to select an OTP expiration time. Note: An OTP is valid only within the specified OTP expiration time, and expires beyond that. The default is 5 minutes. |
OTP Display Length | Click the down arrow to select an OTP display length, which is the number of digits displayed. The default is 6. |
2. Templates | |
OTP Template | Click the down arrow to select an OTP SMS template. Note: You can view the content of the selected template by clicking the view button on the right. |