Fortinet black logo

Admin Guide

Home FortiToken Cloud Admin Guide

Create a last-login policy

Create a last-login policy

The Last Login feature enables FortiToken Cloud admins to let end-users use the trusted IP or the trusted subnet login MFA bypass within a specified time period. In so doing, end-users using the trusted IP resources can use the MFA feature more easily in their daily work.

To enable the Last Login feature in an adaptive authentication policy:

  1. From the side menu, select Adaptive Auth>Policy, and then select Add Policy.

  2. Specify the name of the policy.

  3. For Action, select Bypass MFA.

  4. For Filters, select Subnet Filter.

  5. For Subnet Filter>Subnets, specify the IP or subset. (Note: The IP and Subnet must be supported by FortiProducts).

  6. Select the Last Login button and specify a reasonable MFA Interval time period. (Note: The valid values range from 1 to 72 hours.)

  7. For Schedule, select a schedule set.

  8. Click confirm.

  9. Add the new policy to a profile and be sure to select the same action (Bypass MFA).

  10. Add the new profile to any auth client (including FortiProducts and web apps) and any realms whose users are going to use the specified trusted IPs or subnets.

Previous
Next

Create a last-login policy

The Last Login feature enables FortiToken Cloud admins to let end-users use the trusted IP or the trusted subnet login MFA bypass within a specified time period. In so doing, end-users using the trusted IP resources can use the MFA feature more easily in their daily work.

To enable the Last Login feature in an adaptive authentication policy:

  1. From the side menu, select Adaptive Auth>Policy, and then select Add Policy.

  2. Specify the name of the policy.

  3. For Action, select Bypass MFA.

  4. For Filters, select Subnet Filter.

  5. For Subnet Filter>Subnets, specify the IP or subset. (Note: The IP and Subnet must be supported by FortiProducts).

  6. Select the Last Login button and specify a reasonable MFA Interval time period. (Note: The valid values range from 1 to 72 hours.)

  7. For Schedule, select a schedule set.

  8. Click confirm.

  9. Add the new policy to a profile and be sure to select the same action (Bypass MFA).

  10. Add the new profile to any auth client (including FortiProducts and web apps) and any realms whose users are going to use the specified trusted IPs or subnets.

Previous
Next