Add remote FortiGate users for FTC service

You can use the following commands to configure FortiGate wildcard LDAP users to use FortiToken Cloud for MFA:

config user ldap
    edit "EngLDAP"
        set server "xxx.xx.xxx.xx"
        set cnid "uid"
        set dn "dc=srv,dc=world"
        set type regular
        set two-factor fortitoken-cloud
        set username "cn=Manager,dc=srv,dc=world"
        set password ENC LWdyb+/k6e4TtSk070tODaCZAcbgEGKohA==
    next
end

Wildcard LDAP users are those of a remote LDAP server user group, whose user configuration is unknown to FortiGate. Each end-user should have the following attributes configured on the LDAP server:

  • mail: user_email_address (e.g., mail: user1@abc.com)
  • mobile: user_phone_number (e.g., mobile: +14080123456)
Note
  • In FortiOS, the "mail" attribute is mandatory and required of each user, while the "mobile" attribute is optional.
  • FTC requires that the phone number be in the format of "+(country_code)(areacode_number)".
  • All end-users under the “dn” on LDAP server are synchronized to FTC, which could be a large number. Setting “dn” to a proper level of the LDAP directory can manage the number of users who have FTC enabled.

See Configure wildcard LDAP users for FTC service for more information.
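As an added example (not from the Fortinet guide), the following Python script audits an LDIF export of the subtree under the configured "dn" before FortiToken Cloud is enabled: it counts how many users would be synchronized and flags entries that lack the mandatory mail attribute or carry a mobile value that is not in the +country-code form. The sample LDIF data, the parse_ldif and audit_ftc_users functions, and the digits-only phone regex are assumptions made for illustration.

```python
import re
# Constructed LDIF export of the directory subtree (sample data, not from the page).
SAMPLE_LDIF = """\
dn: uid=user1,ou=eng,dc=srv,dc=world
mail: user1@abc.com
mobile: +14080123456

dn: uid=user2,ou=eng,dc=srv,dc=world
mail: user2@abc.com
mobile: 408-555-0100

dn: uid=user3,ou=eng,dc=srv,dc=world
mobile: +14085550101

dn: uid=user4,ou=sales,dc=srv,dc=world
mail: user4@abc.com
"""
# Assumed reading of the FTC format "+(country_code)(number)": a plus sign and digits only.
PHONE_RE = re.compile(r"^\+[1-9]\d{6,14}$")

def parse_ldif(text):
    """Minimal LDIF parser (no base64 '::' values): one {attr: [values]} dict per entry."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():  # a blank line terminates the current entry
            if current:
                entries.append(current)
            current = {}
        else:
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries

def audit_ftc_users(ldif_text, base_dn):
    """Return (number of users under base_dn, list of (dn, problem)) for the FTC sync."""
    base = base_dn.lower()
    in_scope = [e for e in parse_ldif(ldif_text)
                if e["dn"][0].lower() == base or e["dn"][0].lower().endswith("," + base)]
    problems = []
    for e in in_scope:
        dn = e["dn"][0]
        if "mail" not in e:  # mandatory in FortiOS
            problems.append((dn, "missing mandatory 'mail' attribute"))
        for phone in e.get("mobile", []):  # optional, but must be FTC-formatted when present
            if not PHONE_RE.match(phone):
                problems.append((dn, f"mobile {phone!r} is not in +<country_code><number> form"))
    return len(in_scope), problems
```

Narrowing base_dn (for example to ou=eng,dc=srv,dc=world instead of dc=srv,dc=world) shows directly how the "dn" setting limits the number of users FTC will synchronize.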
