Admin Guide

FTC account lockout (2FA)

You may find yourself unable to log in as an FGT admin.

  1. For example, Jack is an FTC admin and manages two FortiGates, FGT1 and FGT2. He has enabled MFA for FGT admin login. As long as the FTC account is validated, everything works fine.

  2. Jack misses the account-disabled email notification sent by FTC, and his FTC account is disabled.

  3. In this situation, the MFA login function is blocked: MFA login automatically fails after the user enters the correct username/password.

  4. Jack can’t log into the FGT admin portal to see users who are enabled for MFA login authentication.

  5. Jack is still allowed to log into his FTC account and perform some limited activities, including enabling bypass, setting up bypass for users, and deleting auth devices.

  6. Log into the FTC portal, ftc.fortinet.com, navigate to Settings > Realm, find the realm that contains the users for whom Jack wants to set up bypass, and click “Enable Bypass”.

  7. Navigate to the Users page, find the FGT admin user, click “Edit User”, and click “Enable bypass” in the “Status” row. Note that the “Enable Bypass” option for the realm you’re working with from Step 6 must be turned on for FTC to allow you to turn on the bypass button on the Edit User page.

  8. Now the FGT admin is no longer required to use MFA to log in. Jack can log into the FGT admin portal and remove the FTC setup from the admin user until he renews the license.
