Main features
FortiCloud SSO
Integration with FortiCloud provides unified single sign-on (SSO) access to all your Fortinet cloud service offerings.
Free trial licenses
FTC offers 30-day free trial licenses, which can support up to five FTC end-users for FortiCloud non-premium accounts and up to 25 end-users for FortiCloud premium accounts. (SMS messages are not included.)
Time-based annual subscriptions
FTC offers time-based subscriptions that are stackable and co-termed, giving you the flexibility to scale up your FTC MFA service with ease.
Authentication and Management logs
FTC provides comprehensive authentication and management logs to keep you informed of all authentication and management events that have happened in your account.
Global administrator and sub-admin support
FTC now enables the global admin to create sub-admin account to better allocate and manage resources across all the accounts under management.
Access to all accounts by admin users
As the global admin, you are able to access all FTC accounts belonging to your organization, choose which of your accounts to open upon login, and switch to any of your other accounts during a session.
Realm support
FTC enables admin users to create realms to effectively allocate resources and better manage their end-users.
Multi-factor authentication (MFA) for FGT and FAC devices
FTC provides a cloud-based MFA solution for all your Fortinet products, such as FortiGate (FGT) and FortiAuthenticator (FAC), and third-party web apps as auth clients.
Integration with FOS
FTC works seamlessly with FortiOS (FOS) 6.2.x and later.
Support for MFA bypass and new token request
FTC admin users can allow end-uses to bypass MFA and request new tokens on behalf of their end-users easily from the GUI.
Automatic lockout of users for excessive MFA failures
FTC automatically locks out end-users when they have breached their specified MFA failure threshold, ensuring security and integrity of your account.
Temporary token
This new feature allows you to enable your end-users to use temporary tokens for MFA authentication when they do not have their authentication devices with them, while keeping the end-users’ existing authentication methods intact. If an end-user forgets to carry his/her FTM device around and needs to log into the firewall or SSLVPN using MFA, you can enable the temporary token for the user and set the expiration time. The user can log into the firewall or SSLVPN using the temporary token until it expires. The user can get temporary tokens by email or SMS.
Disabling MFA after account disabled
Starting from its 2.5 release, FortiToken Cloud can enable existing users in disabled accounts to bypass MFA. There have been many customer cases when users are locked out due to expired licenses or exceeded quotas. With this feature, you are able to delete users by performing a user sync or delete a particular user. In the portal, you are able to change user settings including bypass MFA. After MFA is bypassed, auth requests should succeed.
Secure, cross-platform token transfer
You can securely transfer your FTC and third-party tokens between iOS and Android devices using the FortiToken Mobile (FTM) app.
Support for remote FortiGate users
You can configure FortiGate wildcard LDAP users to use FTC for MFA.
Auto log-out
FTC automatically logs out a user when the GUI has been idle for more than ten minutes, safeguarding the security and integrity of your asset on FTC.
Real-time usage statistics
The administrator can view daily, monthly, and current usage data easily from the GUI.
Support for HA clusters
FTC supports FGT and FAC HA cluster configuration. You can add or remove auth devices to or from the FTC portal. You can view your FGT and/or FAC devices in any cluster from the Auth Clients page.
Support for custom logo
The admin user can upload custom logo images to replace the default Fortinet banner at the bottom of the FTM app on your end-users' mobile devices.
Support for multiple MFA options
FTC offers four MFA methods: FTM (FortiToken Mobile), email, SMS, and FTK (FortiToken, which is a hardware token).
Auto-alias by email
Many FTC end-users have different usernames in different applications and different domains. For the same token, a single FTC user may have different usernames in different FTC auth clients. FTC now allows for different usernames to be attributed to the same user (i.e., same person) so that only one token (FTM or FTK) needs to be assigned to that same user. It does this by providing an Auto-alias by Email option, which, once turned on, enables FTC to automatically put usernames into an alias if they use the same email address.
Realm-based user quota
The global admin of an account with a time-based license can allocate user quota by realm to effectively manage their assets and end-users.
If you are an MSSP (Managed Security Service Provider), you can split out your user quota to sub-accounts. Sub-account holders can create their own passwords and have their private login portal. They can use MFA, bypass, block, and realm configurations to manage their own end-users. The MSSP can manage all your sub-accounts using the FortiToken Cloud portal.
Export of logs in .CSV
You can export FTC authentication and management logs in .CSV format for record-keeping and sharing.
SMS usage
The SMS Log page enables you to view your SMS usage.
Migration of FTM licenses to FTC
Starting from FOS 7.0.5, FTM licenses and their users on FortiGate can be seamlessly migrated to FTC without any user token change.
Device ownership transfer
FTC enables you to transfer device ownership with or without migrating device data.
Replay protection
FTC provides three (high, medium, and low) levels of MFA replay protection for admin users to choose from when configuring realm settings.
Effective end-user management
FTC enables admin users to effectively monitor and manage their end-users from its portal.
Support for pagination
FTC has implemented pagination to limit the number of records returned in each API request. This ensures that the system can respond to API requests faster, and present information in a more organized and user-friendly manner. For more information, refer to the FortiToken Cloud API.
SMS usage restriction
FTC has implemented a mechanism that prevents users from using its SMS function if the destination is a restricted country by law. Once implemented, FTC will automatically pop up a message on its GUI, informing users of the restriction when it detects the SMS messages that are being sent to a restricted country. (Note: For this release, UAE is the only country that has such a restriction.)