Users
The term "users" refers to end-users of FortiToken Cloud. The Users page displays the following information about FTC end-users in your account. You can open the Users page by clicking Users on the main menu.
Column |
Description |
---|---|
Checkbox |
This checkbox only applies to users who use FTM for MFA. It enables you to select a user, and then click the NEW FTM TOKEN button to request a new FTM token for the user. See Get a new token. |
Username |
The username of an FTC end-user. |
Status |
The status of a user, which can be a combination of any of the following:
Note: By default, all new users are enabled to use FTC for MFA. The FTC administrator can click this button to quickly deactivate a user when necessary. For more information, see the following bullet. Note: If a user is disabled, FTC will deny all log-in requests from the user. It must be noted that disabling a user only prevents the user from using FTC, but does not remove the user from your account. FTC will continue counting it toward your user quota for the user until the user is removed from your account. An admin user can also click this button to re-enable a disabled user. Note: FTC locks a user out when he or she has exceeded the specified maximum number of log-in attempts allowed. See Settings.
Note: FTC automatically unlocks users based on their lockout settings. The admin user can also manually unlock a locked user by clicking the (locked) button. Note: The admin user can enable MFA bypass on a user from here only if Enable Bypass is enabled on the Settings page. See Settings. Otherwise, when you click the (no bypass) icon, a tool tip will appear asking you to turn on Enable Bypass on the Settings page. |
MFA Method |
The user's MFA method, which can be one of the following:
|
Token SN |
The serial number of a token. Note: A serial number that starts with "FTC" indicates that it is a FortiToken Cloud token; a serial number that starts with "FTK" indicates that it is a FortiToken. |
Notification Method |
The method by which FTC sends FTM token activation/transfer notifications to the user, which can be either of the following:
Note: If the user's notification method is set to SMS, make sure that the mobile phone number in the system is valid, and that you have enough credits in your account to send OTPs by SMS. For more information, see Settings. |
|
The user's email address. Note: The admin user is able to edit users' email addresses. |
Mobile Phone |
The user's mobile phone number, if available. Note: The phone number must be in the format of "+ Country Code Area Code Phone Number", e.g., +1 4082221234. An admin use can edit an end-user's mobile phone numbers. |
Auth Client Count |
The number of auth clients. |
Create Date |
The date on which the user is added. |
Tool Bar |
The tool bar slides in from the right end of the row when you hover the cursor over an entry. It has an Edit tool button that enables you to make changes to the user's settings. |
Get a new FTM token
|
You can request a new FTM token for an end-user only if the user's current MFA method is FTM. |
- On the Users page, select the user of interest.
- On top of the table, click NEW FTM TOKEN.
- Follow the prompts onscreen to request a new FTM token for the user.
Auto-assign FTKs to selected users
The Auto-assign FTK button enables FTC to automatically assign available FTKs to selected users. |
- Select the users of interest.
- Click the Auto-assign FTK button.
Add user aliases
The Add User Alias button becomes available only when Auto-alias by Email is enabled on theSettings page of a realm. It enables you to select users of interest on the Users page, and group them together using an alias. Aliased users show up in bold font on the Users page. |
- Select the users of interest.
- Click Add User Alias.
- Follow the prompts onscreen to create an alias.
Hide/Show full FortiAuthenticator username
By default, the usernames of FTC users created on FortiAuthenticator (FAC) show up with prefixed and suffixed characters in corner brackets on the FTC GUI. This is due to the fact that FAC differentiates the same username populated by multiple user sources. The Users page provides an option to let you toggle between showing and hiding those extra characters.
To hide/show the extra characters in the usernames of users added on FAC, click Hide/Show Full FAC Username.
View a user's auth clients
- On the Users page, identify the user of interest.
- Click the numeric value in the Auth Client Count column.
- Click Close to close the window.
A window opens, showing the auth client(s) which the user uses.
Edit a user
- On the Users page, identify the user of interest, and mouse over it.
- Click the slide-in Edit User button to open the Edit User dialog.
- Make the desired changes as described in the following table, and click Apply when done.
Field |
Description |
---|---|
Auth Method |
Click the down arrow, and select a desired authentication method from the drop-down menu:
|
Notification Method | Note: This field applies only when you set Auth Method to FTM. See above. |
Token SN | This field is read only, and cannot be edited. |
Make the desired changes to the email address. | |
Mobile Phone |
Click the down arrow to select the country code, and then enter a valid phone number. Note: This field is required when Auth Method and/or Notification Method is set to SMS, as stated above. |
Changes that you've made here become effective when you click Apply. A error message will pop up if the system encounters an error when validating the changes. In that case, you must correct the error and try to apply the changes again.