Fortinet black logo

Admin guide

Home FortiToken Cloud Admin guide

Switch from Fortitoken to FortiToken Cloud (FTC) lockout

Copy Link
Copy Doc ID 1843b2fc-5b95-11ed-96f0-fa163e15d75b:951809
Download PDF

Switch from Fortitoken to FortiToken Cloud (FTC) lockout

You can migrate FortiToken mobile license/users to FortiToken Cloud users if they prefer to take advantage of the cloud MFA service. The migration is based on the FortiToken mobile license. After the migration, the FortiToken mobile license will be converted to a time-based license on FTC and all users under this license will be converted from FTM users to FTC users. For more information, refer to Migrate FTM tokens to FortiToken Cloud.

  1. Ensure that the FTM license has already been imported into the FortiGate. (The token serial number under the FTM license may or may not have been assigned to users.)

  2. Submit ‘set FTM migration tag request’ to Customer Support (https://www.fortinet.com/support/contact) by providing the FGT serial number and the FTM license serial number. The CS team then confirms the pre-authentication from the customer and sets up the ‘FTM migration tag’

  3. Once the tag has been set up, run the execute fortitoken-cloud ftm-migrate < FortiToken mobile license number> command on the FGT. The command will transfer all users with FTM token auth under this FTM license to FTC auth method. You can find the FTM license number using the show user fortitoken command, which has set license <FTM license number>.

  4. The tokens under the migrated license are then removed from the FOS GUI, and all users that have been migrated show up on the FTC GUI.

  5. Once the migration CLI command is completed, user login authentication should work without any token data change.

  6. After the migration is completed, FTC will send out email to CS asynchronously 24 hours after the migration of the account. The email is to notify CS to invalidate the FTM license and reset the migration tag. If you are migrating multiple FTM licenses, ensure that you migrate them together within 24 hours. Otherwise, you will have to re-submit the ‘set FTM migration tag request’ request to CS.

  7. After the CS team has invalidated the FTM license and reset the migration tag, you may have to wait for up to 24 hours for the process to complete.

Previous
Next

Switch from Fortitoken to FortiToken Cloud (FTC) lockout

You can migrate FortiToken mobile license/users to FortiToken Cloud users if they prefer to take advantage of the cloud MFA service. The migration is based on the FortiToken mobile license. After the migration, the FortiToken mobile license will be converted to a time-based license on FTC and all users under this license will be converted from FTM users to FTC users. For more information, refer to Migrate FTM tokens to FortiToken Cloud.

  1. Ensure that the FTM license has already been imported into the FortiGate. (The token serial number under the FTM license may or may not have been assigned to users.)

  2. Submit ‘set FTM migration tag request’ to Customer Support (https://www.fortinet.com/support/contact) by providing the FGT serial number and the FTM license serial number. The CS team then confirms the pre-authentication from the customer and sets up the ‘FTM migration tag’

  3. Once the tag has been set up, run the execute fortitoken-cloud ftm-migrate < FortiToken mobile license number> command on the FGT. The command will transfer all users with FTM token auth under this FTM license to FTC auth method. You can find the FTM license number using the show user fortitoken command, which has set license <FTM license number>.

  4. The tokens under the migrated license are then removed from the FOS GUI, and all users that have been migrated show up on the FTC GUI.

  5. Once the migration CLI command is completed, user login authentication should work without any token data change.

  6. After the migration is completed, FTC will send out email to CS asynchronously 24 hours after the migration of the account. The email is to notify CS to invalidate the FTM license and reset the migration tag. If you are migrating multiple FTM licenses, ensure that you migrate them together within 24 hours. Otherwise, you will have to re-submit the ‘set FTM migration tag request’ request to CS.

  7. After the CS team has invalidated the FTM license and reset the migration tag, you may have to wait for up to 24 hours for the process to complete.

Previous
Next