Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Admin Guide

    Home FortiToken Cloud Admin Guide

    Create an adaptive authentication policy

    Create an adaptive authentication policy

    1. From the main menu, click Adaptive Auth > Policy to open the Policy page.
    2. On top of the page, click Add Policy to open the Add New Policy dialog.
    3. Make the desired entries and/or selections, as described in the following table.
    4. Click Confirm.
    Parameter Description
    Name Specify a unique name for the policy.
    Action

    Select one of the following:

    • Enforce MFA — By default, the FTC server will require login attempts from the specified source to use MFA.

    • Block — The FTC server will block login attempts from the specified source.

    • Bypass MFA — The FTC server will let the login attempts from the specified source bypass the MFA requirement.

    Note: The FTC server takes the specified action when an authentication request matches the policy settings.
    Filters

    Select the filter

    • Subnet Filter — See Subnet Filter below.

    • Location Filter — See Location Filter below.

    • No Source Filter — Select this option if you do not want to use any filter.

    • Schedule — Check the checkbox to enable scheduling. See Schedule below for details.
    Subnet Filter

    Note: This option is available only when Subnet Filter is selected in the Filters field above.

    Specify the subnet in one of the following formats:

    • IP address, e.g., 10.10.1.1

    • IP range, e.g., 10.10.0.0 - 10.10.10.2

    • CIDR notation, e.g., 10.10.1.0/24

    Note: The No IP option is for devices that do not support subnet filtering. If enabled, the policy will be applied to auth requests that do not have IP information.

    Location Filter

    Note: This option is available only when Location Filter is selected in the Filters field above.

    • Use the list menu to select the countries or regions of interest.

    • Select Unknown Country or Region if the location is unknown.
    Schedule

    Note: This option becomes available only when Schedule is selected in the Filters field above. Set the schedule using the following parameters:

    • Weekdays — Select the days of the week.

    • Timezone — Select the timezone, which is the timezone of the web browser by default. When an authentication request comes in, the FTC server uses the time of this timezone to match the request.

    • Time Range — Select either All day (default) or a specific time frame of the day. Note: If the start time is less than or equal to the end time, then the time range would be start time — end time; otherwise, the time range would be 0:00 — end time, start time - 23:59.
    Previous
    Next

    Create an adaptive authentication policy

    Create an adaptive authentication policy

    1. From the main menu, click Adaptive Auth > Policy to open the Policy page.
    2. On top of the page, click Add Policy to open the Add New Policy dialog.
    3. Make the desired entries and/or selections, as described in the following table.
    4. Click Confirm.
    Parameter Description
    Name Specify a unique name for the policy.
    Action

    Select one of the following:

    • Enforce MFA — By default, the FTC server will require login attempts from the specified source to use MFA.

    • Block — The FTC server will block login attempts from the specified source.

    • Bypass MFA — The FTC server will let the login attempts from the specified source bypass the MFA requirement.

    Note: The FTC server takes the specified action when an authentication request matches the policy settings.
    Filters

    Select the filter

    • Subnet Filter — See Subnet Filter below.

    • Location Filter — See Location Filter below.

    • No Source Filter — Select this option if you do not want to use any filter.

    • Schedule — Check the checkbox to enable scheduling. See Schedule below for details.
    Subnet Filter

    Note: This option is available only when Subnet Filter is selected in the Filters field above.

    Specify the subnet in one of the following formats:

    • IP address, e.g., 10.10.1.1

    • IP range, e.g., 10.10.0.0 - 10.10.10.2

    • CIDR notation, e.g., 10.10.1.0/24

    Note: The No IP option is for devices that do not support subnet filtering. If enabled, the policy will be applied to auth requests that do not have IP information.

    Location Filter

    Note: This option is available only when Location Filter is selected in the Filters field above.

    • Use the list menu to select the countries or regions of interest.

    • Select Unknown Country or Region if the location is unknown.
    Schedule

    Note: This option becomes available only when Schedule is selected in the Filters field above. Set the schedule using the following parameters:

    • Weekdays — Select the days of the week.

    • Timezone — Select the timezone, which is the timezone of the web browser by default. When an authentication request comes in, the FTC server uses the time of this timezone to match the request.

    • Time Range — Select either All day (default) or a specific time frame of the day. Note: If the start time is less than or equal to the end time, then the time range would be start time — end time; otherwise, the time range would be 0:00 — end time, start time - 23:59.
    Previous
    Next