Version:


Table of Contents

Admin Guide

Download PDF
Copy Link

Main features

FortiToken Cloud (FTC) offers the following main features:

  • Multi-factor authentication (MFA) for FGT and FAC devices—FTC provides a cloud-based MFA solution for all your Fortinet products (such as FortiGate (FGT) and FortiAuthenticator (FAC) and web apps as auth clients.
  • Integration with FOS 6.2—FTC works seamlessly with FortiOS (FOS) 6.2.x and later.
  • Support for MFA bypass and new token request—FTC admin users can allow end-uses to bypass MFA and request new tokens on behalf of their end-users easily from the GUI.
  • Automatic lockout of users for excessive MFA failures—FTC automatically locks out users when they have breached their specified MFA failure threshold, ensuring security and integrity of your account.
  • Secure, cross-platform token transfer—You can securely transfer your FTC and third-party tokens between iOS and Android devices using the FortiToken Mobile (FTM ) app.
  • User synchronization from FGT and/or FAC to FTC—The admin user can synchronize their end-users from FGT or FAC to FTC from the FGT Console or FAC GUI. The user base of record is always the Auth Client (i.e., FGT or FAC), and trumps the user base that exists in FTC (if different) prior to running the sync command.
  • Support for remote FortiGate users—You can configure FortiGate wildcard LDAP users to use FTC for MFA.
  • Auth client delete function from FTC—The admin user is able to delete from the FTC portal auth clients that are no longer in use.
  • Auto log-out—FTC automatically logs out a user when the GUI has been idle for more than ten minutes, safeguarding the security and integrity of your asset on FTC.
  • Real-time usage statistics—The administrator can view daily, monthly, and current usage data easily from the GUI.
  • Time-based annual subscriptions—FTC offers time-based subscriptions that are stackable and co-termed, giving you the flexibility to scale up your FTC MFA service with ease.
  • Free trial licenses—FTC offers 30-day free trial licenses, which can support up to five FTC end-users for FortiCloud Non-premium accounts and up to 25 end-users for FortiCloud Premium accounts. (SMS messages are not included.)
  • FortiCloud SSO—Integration with FortiCloud provides unified single sign-on (SSO) access to all your Fortinet cloud service offerings.
  • Authentication and Management logs—FTC provides comprehensive authentication and management logs to keep you informed of all authentication and management events that have happened in your account.
  • Support for FGT HA clusters—FTC supports FGT and FAC HA cluster configuration. You can view your FGT and/or FAC devices in any cluster from the Auth Clients page.
  • Support for custom logo—The admin user can upload custom logo images to replace the default Fortinet banner at the bottom of the FTM app on your end-users' mobile devices.
  • FTM token activation/transfer notification by SMS—FTC is able to send FTM token activation or transfer notifications to end-user mobile devices by SMS.
  • Access to all accounts by admin users—The admin user is able to access all FTC accounts belonging to his/her own organization, choose which of your accounts to open upon login, and switch to any of your other accounts during a session.
  • Global administrator and sub-admin support—FTC now enables the global admin to create sun-admin account to better allocate and manage resources across all the accounts under management.
  • Realm support—FTC enables admin users to create realms to effectively allocate resources and better manage their end-users.
  • Support for multiple MFA options—FTC offers four MFA methods: FTM (FortiToken Mobile), email, SMS, and FTK (FortiToken, which is a hardware token).
  • Auto-alias by email—You can attribute different usernames with the same email address to the same user so that only one token needs to be assigned to a single user.
  • Realm-based user quota—The administrator of a customer with time-based license now can allocate user quota to each realm to effectively manage their assets and end-users. (Applicable to time-based annual subscriptions only.)
  • Export of logs in .CSV—You can now export FTC authentication and management logs in .CSV format for record keeping and sharing.
  • Migration of FTM licenses to FTC—Starting from FOS 7.0.5, FTM licenses and their users on FortiGate can be seamlessly migrated to FTC without any user token change.

Main features

FortiToken Cloud (FTC) offers the following main features:

  • Multi-factor authentication (MFA) for FGT and FAC devices—FTC provides a cloud-based MFA solution for all your Fortinet products (such as FortiGate (FGT) and FortiAuthenticator (FAC) and web apps as auth clients.
  • Integration with FOS 6.2—FTC works seamlessly with FortiOS (FOS) 6.2.x and later.
  • Support for MFA bypass and new token request—FTC admin users can allow end-uses to bypass MFA and request new tokens on behalf of their end-users easily from the GUI.
  • Automatic lockout of users for excessive MFA failures—FTC automatically locks out users when they have breached their specified MFA failure threshold, ensuring security and integrity of your account.
  • Secure, cross-platform token transfer—You can securely transfer your FTC and third-party tokens between iOS and Android devices using the FortiToken Mobile (FTM ) app.
  • User synchronization from FGT and/or FAC to FTC—The admin user can synchronize their end-users from FGT or FAC to FTC from the FGT Console or FAC GUI. The user base of record is always the Auth Client (i.e., FGT or FAC), and trumps the user base that exists in FTC (if different) prior to running the sync command.
  • Support for remote FortiGate users—You can configure FortiGate wildcard LDAP users to use FTC for MFA.
  • Auth client delete function from FTC—The admin user is able to delete from the FTC portal auth clients that are no longer in use.
  • Auto log-out—FTC automatically logs out a user when the GUI has been idle for more than ten minutes, safeguarding the security and integrity of your asset on FTC.
  • Real-time usage statistics—The administrator can view daily, monthly, and current usage data easily from the GUI.
  • Time-based annual subscriptions—FTC offers time-based subscriptions that are stackable and co-termed, giving you the flexibility to scale up your FTC MFA service with ease.
  • Free trial licenses—FTC offers 30-day free trial licenses, which can support up to five FTC end-users for FortiCloud Non-premium accounts and up to 25 end-users for FortiCloud Premium accounts. (SMS messages are not included.)
  • FortiCloud SSO—Integration with FortiCloud provides unified single sign-on (SSO) access to all your Fortinet cloud service offerings.
  • Authentication and Management logs—FTC provides comprehensive authentication and management logs to keep you informed of all authentication and management events that have happened in your account.
  • Support for FGT HA clusters—FTC supports FGT and FAC HA cluster configuration. You can view your FGT and/or FAC devices in any cluster from the Auth Clients page.
  • Support for custom logo—The admin user can upload custom logo images to replace the default Fortinet banner at the bottom of the FTM app on your end-users' mobile devices.
  • FTM token activation/transfer notification by SMS—FTC is able to send FTM token activation or transfer notifications to end-user mobile devices by SMS.
  • Access to all accounts by admin users—The admin user is able to access all FTC accounts belonging to his/her own organization, choose which of your accounts to open upon login, and switch to any of your other accounts during a session.
  • Global administrator and sub-admin support—FTC now enables the global admin to create sun-admin account to better allocate and manage resources across all the accounts under management.
  • Realm support—FTC enables admin users to create realms to effectively allocate resources and better manage their end-users.
  • Support for multiple MFA options—FTC offers four MFA methods: FTM (FortiToken Mobile), email, SMS, and FTK (FortiToken, which is a hardware token).
  • Auto-alias by email—You can attribute different usernames with the same email address to the same user so that only one token needs to be assigned to a single user.
  • Realm-based user quota—The administrator of a customer with time-based license now can allocate user quota to each realm to effectively manage their assets and end-users. (Applicable to time-based annual subscriptions only.)
  • Export of logs in .CSV—You can now export FTC authentication and management logs in .CSV format for record keeping and sharing.
  • Migration of FTM licenses to FTC—Starting from FOS 7.0.5, FTM licenses and their users on FortiGate can be seamlessly migrated to FTC without any user token change.