Document
Library

Admin guide

Introduction
Acronyms and abbreviations
Main features
Licensing and availability
- Time-based subscriptions
- Credit-based subscriptions
  - Transition to time-based subscriptions
- FortiTrust-identity licensing
- SMS licensing
Architecture
Compatibility
- Compatible Fortinet applications
- Supported browsers
Important notes
- Credit-based licenses no longer available for purchase
- Use of non-officially supported FOS
- The same token for the same user on multiple auth clients
- FOS 6.2.3 and 6.4.0 CLI differences
- Admin accounts and realms
- Supported hard tokens
- No SMS MFA with FAC as LDAP server
- A single FTC user in multiple auth clients
- FAC users' name issues on FTC GUI
- How to use FortiClient
- Local vs. global disable/delete
QuickStart guide
FortiToken Mobile
- Supported FortiToken Mobile apps
- Activate FTM tokens
- Activate third-party tokens
- Use FTM tokens
Use cases
- One Token shared by different auth clients
- Change separate tokens to a single token
- Independent token
- Auto-Alias features—Use the same email address
- Split user quota to different realms
- FTC account lockout (2FA)
- Manage access to FTC
- Control risky conditions
- Switch from Fortitoken to FortiToken Cloud (FTC) lockout
- Migrate FTM tokens to FortiToken Cloud
Auth clients
- Getting started—FGT-FTC users
- Getting started—FAC-FTC users
- Transfer auth client (FC account lockout)
- Replace an old FortiGate with a new one
- Auth clients in HA mode
- Synchronize LDAP remote users in wildcard user group from FortiGate
- Email notification on license balance status
Maintenance
- Add, sync, and delete users
- Add, sync, and delete auth clients (devices)
- Service debug
Settings
- Global
- Realm
- Templates
FortiToken Cloud GUI
- Launch FortiToken Cloud
- FortiCloud
- Dashboard
- Administrators
- Users
- Realms
- FortiProducts
- Web Apps
- Devices (HA)
- Mobile Tokens
- Hardware Tokens
- Usage
- Licenses
- Adaptive authentication
- Logs
Product documentation and support
- Create an SMS credit balance alert event
FOS CLI commands for FortiToken Cloud
- Global system configuration
- Access FTC management commands
- Configure admin users
- Configure local users
- Configure local LDAP users for FTC service
- Configure wildcard LDAP users for FTC service
- Configure local RADIUS users for FTC service
- Migrate FTM tokens to FortiToken Cloud
- Diagnose FortiToken Cloud
FAQs
Release history
Technical support
Change log

Home FortiToken Cloud Admin guide

Transfer auth client (FC account lockout)

Copy Link

Copy Doc ID 1843b2fc-5b95-11ed-96f0-fa163e15d75b:218188

Download PDF

Transfer auth client (FC account lockout)

If one of your account owners has left your organization, the associated account will be locked out. If you still want to keep using the auth client which was registered under the locked account, you can transfer the ownership of the auth client from one FC account to another FC account.

Use case

You can transfer the FortiGate to a new account from the FortiGate GUI, and then log into the FTC GUI with the new FC account to validate the device ownership from the Device Transfer page of the FTC portal. If the validation result shows there are auth clients under the previous FC account, you need to choose to delete the auth clients from the previous FC account.

The auth client clean-up will take some time, so validate the device again until the device has been transferred to the new FC account. All users with FTC MFA on the FGT can be synced to FTC and the end-users need to be re-activated with a new token if you want to keep the users on the FGT. Otherwise, delete the FTC users on FGT and use it as a new auth device with FTC.

For more information, see Devices (HA).

Previous

Next

Transfer auth client (FC account lockout)

If one of your account owners has left your organization, the associated account will be locked out. If you still want to keep using the auth client which was registered under the locked account, you can transfer the ownership of the auth client from one FC account to another FC account.

Use case

You can transfer the FortiGate to a new account from the FortiGate GUI, and then log into the FTC GUI with the new FC account to validate the device ownership from the Device Transfer page of the FTC portal. If the validation result shows there are auth clients under the previous FC account, you need to choose to delete the auth clients from the previous FC account.

The auth client clean-up will take some time, so validate the device again until the device has been transferred to the new FC account. All users with FTC MFA on the FGT can be synced to FTC and the end-users need to be re-activated with a new token if you want to keep the users on the FGT. Otherwise, delete the FTC users on FGT and use it as a new auth device with FTC.

For more information, see Devices (HA).

Previous

Next