
Admin Guide


Add, sync, and delete users

When a user is created with FTC as the authentication method on an auth client (e.g., FortiGate), the user data is automatically added to the FTC system.

When a user with FTC as the authentication method is deleted on an auth client, the user data is automatically deleted from the FTC system. Deleting an auth client from the FTC portal deletes all users on that auth client. You can also delete individual users on the Users page of the FTC portal. You can sync user data from the auth client (FortiGate in this case) to FTC at any time by running the "exec fortitoken-cloud sync" command, as discussed in the following use case.

Use case
  1. Create or delete users in FGT.

  2. Run “exec fortitoken-cloud sync” on FGT to sync users with FTC auth method to FTC:

  • If the sync succeeds, the output will show:
    Sync status: {"status": "complete", "msg": {"delete": {"success": 0, "failure": 0}, "modify": {"success": 0, "failure": 0}, "create": {"success": 3, "failure": 0}}} 
    User synchronization completed! 
  • If the sync fails, the output will show:
    Sync status: {"status": "complete", "msg": {"delete": {"success": 0, "failure": 0}, "modify": {"success": 0, "failure": 0}, "create": {"success": 0, "failure": 3}}} 
    User synchronization completed! 
  • If you encounter the “failure” shown above, check whether this auth client exists on the FTC side by searching for its SN on the Auth Clients > FortiProducts page.
    • If it does not exist, check whether the Auto-create Auth Client switch is enabled on the Settings > Global page.
    • If it does exist, check whether the user quota has reached the maximum, or whether the assigned realm has available quota and whether Share-quota Mode is disabled.
  • If the connection to FTC is unstable or unavailable, the output will show:
    Cannot find FTC server! 
    Cannot retrieve user information from FortiToken Cloud! 
    Command fail. Return code -1 
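
Both the success and the failure output above report "status": "complete", so a script that checks sync results has to read the per-operation failure counters rather than the status field. The following is an added example, not Fortinet code: the function name classify_sync and the verdict labels are assumptions, and the sample captures are constructed from the outputs shown on this page.

```python
import json
import re

# Constructed captures modelled on the three outputs shown on this page.
_ZERO = '"delete": {"success": 0, "failure": 0}, "modify": {"success": 0, "failure": 0}'
SAMPLE_OK = ('Sync status: {"status": "complete", "msg": {' + _ZERO +
             ', "create": {"success": 3, "failure": 0}}} \n'
             'User synchronization completed! \n')
SAMPLE_FAIL = ('Sync status: {"status": "complete", "msg": {' + _ZERO +
               ', "create": {"success": 0, "failure": 3}}} \n'
               'User synchronization completed! \n')
SAMPLE_UNREACHABLE = ('Cannot find FTC server! \n'
                      'Cannot retrieve user information from FortiToken Cloud! \n'
                      'Command fail. Return code -1 \n')

# The JSON report sits on one line after the "Sync status:" label.
STATUS_RE = re.compile(r"^\s*Sync status:\s*(\{.*\})\s*$", re.MULTILINE)


def classify_sync(output):
    """Return (verdict, details) for one captured command output.

    Verdicts (hypothetical labels): ok, failed, incomplete, unreachable, unparsed.
    """
    if "Cannot find FTC server!" in output:
        return "unreachable", {}
    match = STATUS_RE.search(output)
    if not match:
        return "unparsed", {}
    try:
        report = json.loads(match.group(1))
    except json.JSONDecodeError:
        return "unparsed", {}
    counts = report.get("msg")
    if not isinstance(counts, dict):
        return "unparsed", {}
    # "status" is "complete" even when every create failed, so inspect counters.
    failed = {op: c["failure"] for op, c in counts.items()
              if isinstance(c, dict) and c.get("failure", 0) > 0}
    if failed:
        return "failed", failed
    if report.get("status") != "complete":
        return "incomplete", {}
    return "ok", {op: c.get("success", 0) for op, c in counts.items()
                  if isinstance(c, dict)}


if __name__ == "__main__":
    for name in ("SAMPLE_OK", "SAMPLE_FAIL", "SAMPLE_UNREACHABLE"):
        print(name, classify_sync(globals()[name]))
```

A "failed" verdict is the point at which to run the auth client and quota checks listed above.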
