Admin guide

Change separate tokens to a single token

When you change Multi-realm Mode from "enable" to "disable", your FTC changes from share-token to single-token login.

  1. FortiGate1 with the serial number (FG200ETK1990xxxx) and FortiGate2 with the serial number (FG300ETK1990xxxx) are registered under the FC account (fortinet_account@gmail.com).

  2. As long as the realm has enough resources, FTC will automatically create two realms: “FG200ETK1990xxxx-root” and “FG300ETK1990xxxx-root”, and FGT1 and FGT2 will be assigned to those two separate realms.

  3. In this case, a user created in FGT1 named “Jack Taylor” is assigned one token, and a user created in FGT2 named “Jack Taylor” is assigned a new token. They are two separate users with the same username, and each uses a separate token.

  4. If you want to switch to one-token login mode (users with the same username use one token only), the FTC admin can move FGT1 and FGT2 from the two realms “FG200ETK1990xxxx-root” and “FG300ETK1990xxxx-root” to the same realm, for example, the “default” realm.

  5. The users will be merged on the Users page: the two users named “Jack Taylor” will be merged into one “Jack Taylor”, and the auth client count will increase to “2”. The same token will be shared by the two users named “Jack Taylor”. By default, the token will be kept for the auth client migrated to the “default” realm first, and the token for the user in the second migrated auth client will be removed.

  6. Now, “Jack Taylor” will only need one token to log into the two FGT resources.

  7. Additionally, if you want to always use one-token login mode, the FTC admin can navigate to Settings > Global and disable Multi-realm Mode. The admin must also move all existing auth clients to the same realm, for example, the “default” realm.

  8. After Step 7, the existing auth clients will use single token mode and newly assigned auth clients will also migrate to the “default” realm and use single token mode.
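
The merge rule in step 5 can be modeled before migrating, to list which usernames will be merged and which tokens will be removed for a given migration order. This is an added example, not Fortinet code and not a FortiToken Cloud API; the token labels, the per-auth-client user lists, the function names and the exact-match username comparison are assumptions.

```python
# Model of the merge described in step 5 (illustrative only).
# Input: users per auth client, as {auth_client: {username: token_label}}.
# Assumption: usernames merge only on an exact string match.

def plan_merge(migration_order, users_by_client):
    """Return the merged user list after moving auth clients into one realm.

    Auth clients are processed in migration order. For each username, the
    token of the first-migrated auth client is kept; tokens held under the
    same username in later-migrated auth clients are listed as removed.
    """
    merged = {}
    for client in migration_order:
        for username, token in users_by_client[client].items():
            entry = merged.setdefault(
                username,
                {"kept_token": token, "auth_clients": [], "removed_tokens": []},
            )
            entry["auth_clients"].append(client)
            if token != entry["kept_token"]:
                entry["removed_tokens"].append(token)
    return merged


def collisions(plan):
    """Usernames that exist on more than one auth client and will be merged.

    Review these before migrating: the merge treats same-named accounts as
    one user, so confirm each pair really belongs to the same person.
    """
    return {u: e for u, e in plan.items() if len(e["auth_clients"]) > 1}


# Constructed sample data; serial numbers follow the page's placeholders,
# token labels are hypothetical.
USERS = {
    "FG200ETK1990xxxx": {"Jack Taylor": "TOKEN-A", "alice": "TOKEN-B"},
    "FG300ETK1990xxxx": {"Jack Taylor": "TOKEN-C", "bob": "TOKEN-D"},
}

if __name__ == "__main__":
    plan = plan_merge(["FG200ETK1990xxxx", "FG300ETK1990xxxx"], USERS)
    for user, entry in collisions(plan).items():
        print(f"{user}: auth client count {len(entry['auth_clients'])}, "
              f"keeps {entry['kept_token']}, removes {entry['removed_tokens']}")
```

Reversing the migration order changes which token survives, so the order in which auth clients are moved decides which users have to switch tokens.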
