Admin guide

FTC account lockout (2FA)

You may find yourself unable to log in as an FGT admin.

  1. For example, Jack is an FTC admin who manages two FortiGates, FGT1 and FGT2. He has enabled MFA for FGT admin login. When the FTC account is validated, everything works fine.

  2. Jack misses the email notification sent by FTC about the account being disabled, and his FTC account is disabled.

  3. In this situation, the MFA login function is blocked: MFA login automatically fails after the user enters the correct username/password.

  4. Jack can’t log in to the FGT admin portal to see which users are enabled for MFA login authentication.

  5. Jack is allowed to log in to his account and perform some limited activities, including enabling bypass, setting up bypass for users, and deleting auth devices.

  6. Log in to the FTC portal (ftc.fortinet.com), navigate to Settings > Realm, find the realm that contains the users for whom Jack wants to set up bypass, and click “Enable Bypass”.

  7. Navigate to the Users page, find the FGT admin user, click “Edit User”, and click “Enable bypass” in the “Status” row.

  8. The FGT admin is no longer required to use MFA to log in. Jack can log in to the FGT admin portal and remove the FTC setup from the admin user until he renews the license.
