Admin guide

Add, sync, and delete auth clients (devices)

When an auth client communicates with FTC for the first time, it is added to the FTC system automatically. The first communication can be triggered by creating an FTC user on the auth client or by running some CLI commands on the auth client. The auth client can be deleted from the FTC portal by choosing Auth Clients > FortiProducts or Webapps.

Use cases
  • Register a new FortiProduct (for example, FortiGate) using the license or serial number of the device, create a new VDOM in FGT, or delete a VDOM.

  • Run “exec fortitoken-cloud update” on FGT to sync VDOMs (auth clients in FTC) to FTC.

How to debug

FortiToken Cloud has a special debug mode on the FOS (e.g., FortiGate) side. Before you perform any user sync/delete/add operation, enable the debug mode by running:

config global (if multi-VDOM mode is enabled)

diag fortitoken-cloud debug enable (to enable the FTC debug mode)

diagnose debug console timestamp enable (to add timestamps to the log output)

diag debug appl fnbamd -1

diag debug application httpsd 255

diag debug enable (to start showing debug messages)

After you run the CLI commands shown above, any FTC user sync/delete/add action that is triggered shows its log messages in the CLI. Alternatively, if “exec fortitoken-cloud update” is executed in another CLI session, the log is also displayed, because that command manually triggers the FortiToken Cloud user update in FOS (e.g., FortiGate).

If you are unable to fix the error using the commands above, the FortiToken Cloud support team is standing by to provide assistance. Create a support ticket and submit it to our TAC team. We will respond to your service request and resolve your issue as soon as possible. To contact technical support, visit Technical Support.
