QuickStart guide

This QuickStart Guide shows how to configure an auth client to use the FortiToken Cloud (FTC) service for end-to-end authentication. The instructions are for configuring a local FortiGate SSL VPN user to log in using MFA with FTC push notification.

What you need:

  • Forti-Product, e.g., FortiGate or FortiAuthenticator (FOS version 7.0.5)

  • FortiClient

  • FortiToken Mobile app

Step 1: Register Forti-Product (FortiGate)

Register the FortiGate (FGT) under your FortiCloud (FC) account. If you don’t have an FC account, go to https://support.fortinet.com/ to register a new FortiCloud account. Register your FGT license under your FC account, and then download the license file from support.fortinet.com. After the FortiGate license is imported into FortiGate, the FortiGate is registered under this FC account.

Step 2: Get FTC license

FTC provides free trial licenses and paid licenses. You can choose one based on your preference. The following instructions show you how to get a license:

Option 1: Trial license

If you have registered under FortiCloud from support.fortinet.com, FortiToken Cloud (FTC) automatically enables your 30-day free trial license when you log into the FTC portal (ftc.fortinet.com) for the first time. There are two types of FTC time-based trial licenses: premium vs. non-premium trial. For FortiCloud premium accounts, the FTC free trial license can support up to 25 end-users and up to 25 realms; for FortiCloud non-premium accounts, the free trial license can only support up to five end-users and five realms. Neither of the free trial licenses offers SMS support. This applies to all FTC-supported auth devices.

Option 2: Paid license

Step 3: Configure SSL VPN and a local user on FGT with FortiToken Cloud enabled for MFA

Configure SSL VPN and a local user on FGT. See SSL VPN setting up on FGT.
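The part of this step that ties the local user to FTC, sketched as a FortiOS CLI fragment. This is an added example, not taken from the original guide; the user name, e-mail address, group name and portal name are placeholders, and the rest of the SSL VPN setup (listening interface, address pool, firewall policy) still follows the linked SSL VPN guide.

```fortios
# Local user whose second factor is delivered by FortiToken Cloud.
# "vpnuser1", the e-mail address and <password> are placeholders.
config user local
    edit "vpnuser1"
        set type password
        set two-factor fortitoken-cloud
        set email-to "vpnuser1@example.com"
        set passwd <password>
    next
end

# Put the user in a group so SSL VPN access is granted per group,
# not per individual account. The group name is a placeholder.
config user group
    edit "sslvpn-mfa-users"
        set member "vpnuser1"
    next
end

# Map only the MFA-enabled group to an SSL VPN portal.
# "full-access" is assumed to be the portal in use on this FortiGate.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "sslvpn-mfa-users"
            set portal "full-access"
        next
    end
end
```

Restricting the authentication rule to a group whose members all have `two-factor` set keeps accounts without MFA from reaching the portal.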

Step 4: Activate the local user on FTM app

Install the FTM app on your phone, and activate the user you created by using the FTM app to scan the activation code in the email sent to the user. Make sure system notifications are enabled for the FTM app on the phone (they are needed to receive push notifications).

Step 5: Configure FortiClient on the login server

Install FortiClient on the server that this user will log in from. In FortiClient, configure the SSL VPN tunnel that connects to the FGT.

Link: Connecting from FortiClient to SSL VPN

Step 6: User login authentication

Log in as the user with FortiClient on the server. After you enter the username and password, you receive a notification from the FTM app on your phone. Click “Approve”, and you are then logged into the system via SSL VPN.
