Create a last-login policy
The Last Login feature enables FortiToken Cloud admins to let end-users use the trusted IP or the trusted subnet login MFA bypass within a specified time period. In so doing, end-users using the trusted IP resources can use the MFA feature more easily in their daily work.
To enable the Last Login feature in an adaptive authentication policy:
-
From the side menu, select Adaptive Auth>Policy, and then select Add Policy.
-
Specify the name of the policy.
-
For Action, select Bypass MFA.
-
For Filters, select Subnet Filter.
-
For Subnet Filter>Subnets, specify the IP or subset. (Note: The IP and Subnet must be supported by FortiProducts).
-
Select the Last Login button and specify a reasonable MFA Interval time period. (Note: The valid values range from 1 to 72 hours.)
-
For Schedule, select a schedule set.
-
Click confirm.
-
Add the new policy to a profile and be sure to select the same action (Bypass MFA).
-
Add the new profile to any auth client (including FortiProducts and web apps) and any realms whose users are going to use the specified trusted IPs or subnets.