Admin Guide

Users

The term "users" refers to end-users of FortiToken Cloud. The Users page displays the following information about FTC end-users in your account. You can open the Users page by clicking Users on the main menu.

Column

Description

Checkbox

This checkbox only applies to users who use FTM for MFA. It enables you to select a user, and then click the NEW FTM TOKEN button to request a new FTM token for the user. See Get a new token.

Username

The username of an FTC end-user.

Status

The status of a user, which can be a combination of any of the following:

  • (active)—The user is enabled.
  • Note: By default, all new users are enabled to use FTC for MFA. The FTC administrator can click this button to quickly deactivate a user when necessary. For more information, see the following bullet.

  • (disabled)—This button enables the administrator to temporarily stop the user from using FTC.
  • Note: If a user is disabled, FTC denies all log-in requests from the user. Disabling a user only prevents the user from using FTC; it does not remove the user from your account. FTC continues to count the user toward your user quota until the user is removed from your account. An admin user can also click this button to re-enable a disabled user.

  • (locked)—The user is locked out.
  • Note: FTC locks a user out when he or she has exceeded the specified maximum number of log-in attempts allowed. See Settings.

  • (unlocked)—The user is unlocked.
  • Note: FTC automatically unlocks users based on their lockout settings. The admin user can also manually unlock a locked user by clicking the (locked) button.

  • (pending)—A token assigned to the user has not been activated yet.
  • (expired)—The user's token activation code has expired.
  • (bypass)—The user is allowed to bypass MFA.
  • (no bypass)—The user is not allowed to bypass MFA.
  • Note: The admin user can enable MFA bypass on a user from here only if Enable Bypass is enabled on the Settings page. See Settings. Otherwise, when you click the (no bypass) icon, a tool tip will appear asking you to turn on Enable Bypass on the Settings page.

MFA Method

The user's MFA method, which can be one of the following:

  • FTM (soft token)
  • Email
  • SMS
  • FTK (FortiToken, a hardware token)

Token SN

The serial number of a token.

Note: A serial number that starts with "FTC" indicates that it is a FortiToken Cloud token; a serial number that starts with "FTK" indicates that it is a FortiToken.

Notification Method

The method by which FTC sends FTM token activation/transfer notifications to the user, which can be either of the following:

  • Email—FTC sends FTM token activation/transfer notifications to the user's email address.
  • SMS—FTC sends FTM token activation/transfer notifications by SMS to the user's mobile phone.

Note: If the user's notification method is set to SMS, make sure that the mobile phone number in the system is valid, and that you have enough credits in your account to send OTPs by SMS. For more information, see Settings.

Email

The user's email address.

Note: The admin user is able to edit users' email addresses.

Mobile Phone

The user's mobile phone number, if available.

Note: The phone number must be in the format of "+ Country Code Area Code Phone Number", e.g., +1 4082221234. An admin user can edit an end-user's mobile phone number.

Auth Client Count

The number of auth clients.

Create Date

The date on which the user is added.

Tool Bar

The tool bar slides in from the right end of the row when you hover the cursor over an entry. It has an Edit tool button that enables you to make changes to the user's settings.

Get a new FTM token

You can request a new FTM token for an end-user only if the user's current MFA method is FTM.

  1. On the Users page, select the user of interest.
  2. On top of the table, click NEW FTM TOKEN.
  3. Follow the prompts onscreen to request a new FTM token for the user.

Auto-assign FTKs to selected users

Note: The Auto-assign FTK button enables FTC to automatically assign available FTKs to selected users.

  1. Select the users of interest.
  2. Click the Auto-assign FTK button.

Add user aliases

Note: The Add User Alias button becomes available only when Auto-alias by Email is enabled on the Settings page of a realm. It enables you to select users of interest on the Users page, and group them together using an alias. Aliased users show up in bold font on the Users page.

  1. Select the users of interest.
  2. Click Add User Alias.
  3. Follow the prompts onscreen to create an alias.

Hide/Show full FortiAuthenticator username

By default, the usernames of FTC users created on FortiAuthenticator (FAC) show up with prefixed and suffixed characters in corner brackets on the FTC GUI. This is due to the fact that FAC differentiates the same username populated by multiple user sources. The Users page provides an option to let you toggle between showing and hiding those extra characters.

To hide/show the extra characters in the usernames of users added on FAC, click Hide/Show Full FAC Username.

View a user's auth clients

  1. On the Users page, identify the user of interest.
  2. Click the numeric value in the Auth Client Count column.
  3. A window opens, showing the auth client(s) which the user uses.

  4. Click Close to close the window.

Edit a user

  1. On the Users page, identify the user of interest, and mouse over it.
  2. Click the slide-in Edit User button to open the Edit User dialog.
  3. Make the desired changes as described in the following table, and click Apply when done.

Field

Description

Auth Method

Click the down arrow, and select a desired authentication method from the drop-down menu:

  • FTM
  • Email
  • SMS (Note: This option requires a valid mobile phone number.)
  • FTK

Notification Method

Note: This field applies only when you set Auth Method to FTM. See above.

Token SN

This field is read only, and cannot be edited.

Email

Make the desired changes to the email address.

Mobile Phone

Click the down arrow to select the country code, and then enter a valid phone number.

Note: This field is required when Auth Method and/or Notification Method is set to SMS, as stated above.

Changes that you've made here become effective when you click Apply. An error message will pop up if the system encounters an error when validating the changes. In that case, you must correct the error and try to apply the changes again.
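The status flags in the Users table and the field rules in the Edit User dialog can be checked in bulk before an access review. The following is an added example, not Fortinet code: the record layout, field names, finding labels, token serial numbers and the digit-count bounds in the phone pattern are assumptions made for illustration, and the sample users are constructed.

```python
import re

# Assumption: "+<country code> <number>"; the digit-count bounds are ours, not FTC's.
PHONE_RE = re.compile(r"^\+\d{1,3} \d{4,14}$")

# Constructed sample records; field names are hypothetical, not an FTC export format.
USERS = [
    {"username": "alice", "status": {"active", "unlocked", "no bypass"},
     "mfa": "FTM", "notify": "Email", "token_sn": "FTC0000000000001",
     "email": "alice@example.com", "phone": ""},
    {"username": "bob", "status": {"active", "unlocked", "bypass"},
     "mfa": "SMS", "notify": "", "token_sn": "",
     "email": "bob@example.com", "phone": "4082221234"},
    {"username": "carol", "status": {"disabled", "unlocked", "no bypass"},
     "mfa": "FTM", "notify": "SMS", "token_sn": "FTC0000000000002",
     "email": "carol@example.com", "phone": "+1 4082221234"},
    {"username": "dave", "status": {"active", "locked", "expired", "no bypass"},
     "mfa": "FTK", "notify": "", "token_sn": "FTK0000000000003",
     "email": "dave@example.com", "phone": ""},
]

def audit_user(u):
    """Return review findings for one user record, based on the rules on this page."""
    findings = []
    st = u["status"]
    # A phone number is required when Auth Method or Notification Method is SMS;
    # Notification Method only applies when Auth Method is FTM.
    needs_sms = u["mfa"] == "SMS" or (u["mfa"] == "FTM" and u["notify"] == "SMS")
    if needs_sms and not PHONE_RE.match(u["phone"]):
        findings.append("sms-without-valid-phone")
    if "bypass" in st:                      # user is allowed to skip MFA
        findings.append("mfa-bypass-enabled")
    if "disabled" in st:                    # denied log-in, but still in the account
        findings.append("disabled-still-counts-toward-quota")
    if "locked" in st:                      # exceeded maximum log-in attempts
        findings.append("locked-out")
    if st & {"pending", "expired"}:         # token never activated
        findings.append("token-not-activated")
    if u["mfa"] != "FTM" and u["notify"]:   # field has no effect outside FTM
        findings.append("notification-method-ignored")
    return findings

def audit(users):
    """Map username -> findings, omitting users with nothing to review."""
    return {u["username"]: f for u in users if (f := audit_user(u))}

if __name__ == "__main__":
    for name, found in audit(USERS).items():
        print(name, ", ".join(found))
```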
