
Admin Guide

Independent token

When Multi-realm Mode is enabled, newly registered auth clients will be assigned to new realms. This function is very convenient for admin users who want to become an MSSP (Managed Security Service Provider).

  1. FortiGate1 with serial number (FG200ETK1990xxxx) and FortiGate2 with serial number (FG300ETK1990xxxx) are registered under the FC account (fortinet_account@gmail.com).

  2. As long as the realm has enough resources, FTC will automatically create two realms, FG200ETK1990xxxx-root and FG300ETK1990xxxx-root, and FGT1 and FGT2 will be assigned to those two separate realms.

  3. In this case, a user created in FGT1 named “Jack Taylor” is assigned one token, and a user created in FGT2 named “Jack Taylor” is assigned a new token. They are two separate users who share a username but use separate tokens.

  4. If the two “Jack Taylors” exist in two realms, some events can be confusing. For example, if “Jack Taylor” is deleted from FGT1, a “Jack Taylor” still exists in FTC, so it looks as if “Jack Taylor” was never deleted on FGT1. In fact, “Jack Taylor” is no longer in FGT1 and exists only in FGT2.

  5. Solution: Log into FGT2 and delete “Jack Taylor”. Then execute the console command “exec fortitoken-cloud sync” in FGT. This removes the user “Jack Taylor” from FTC. After deleting the user in FGT2, assign auth client FGT1 and auth client FGT2 to the same realm, for example, the “default” realm. This prevents the situation from happening again.
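The check below is an added example, not Fortinet code or FTC output: it reconciles a per-realm FTC user list against each auth client's local users to show which FortiGate a remaining “Jack Taylor” belongs to, and whether an FTC entry is left over and needs a sync. The inventory structures and function names are hypothetical, and the sample data is constructed from the scenario above.

```python
from collections import defaultdict

# Constructed inventory, not real FortiToken Cloud or FortiGate output.
# FTC side: realm -> usernames that hold a token in that realm.
FTC_USERS = {
    "FG200ETK1990xxxx-root": {"Jack Taylor"},   # left over, not yet synced
    "FG300ETK1990xxxx-root": {"Jack Taylor"},
}
# FortiGate side: auth client -> (assigned realm, locally configured users).
AUTH_CLIENTS = {
    "FGT1": ("FG200ETK1990xxxx-root", set()),            # user deleted here
    "FGT2": ("FG300ETK1990xxxx-root", {"Jack Taylor"}),
}

def cross_realm_names(ftc_users):
    """Usernames present in more than one realm (separate users and tokens)."""
    realms = defaultdict(set)
    for realm, users in ftc_users.items():
        for user in users:
            realms[user].add(realm)
    return {u: sorted(r) for u, r in realms.items() if len(r) > 1}

def classify(username, ftc_users, auth_clients):
    """For each realm where FTC holds `username`, list the auth clients that
    still have the user locally; an empty list marks a stale FTC entry."""
    result = {}
    for realm, users in ftc_users.items():
        if username in users:
            result[realm] = sorted(
                client for client, (c_realm, local) in auth_clients.items()
                if c_realm == realm and username in local
            )
    return result

if __name__ == "__main__":
    print("Names shared across realms:", cross_realm_names(FTC_USERS))
    for realm, owners in classify("Jack Taylor", FTC_USERS, AUTH_CLIENTS).items():
        state = "owned by " + ", ".join(owners) if owners else "stale, sync needed"
        print(f"{realm}: {state}")
```

Once both auth clients are assigned to the same realm, `cross_realm_names` returns an empty result for that pair, which is the end state step 5 aims for.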
