Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Download PDF
Copy Link

Introduction

FortiTokens are security tokens used as part of a two-factor authentication system on FortiGate/FortiOS and FortiAuthenticator devices. The token produces a temporary six or eight digit (configurable) code that is used to prove one's identity electronically as a prerequisite for accessing network resources. There are many types of hardware and software based tokens, sometimes referred to as dongles, key fobs, authentication tokens, USB tokens, and cryptographic tokens.

FortiToken is available as either a physical or a mobile token, as described below.

For the purposes of this document, FortiOS version 5.6.0 build1449 (GA) and FortiAuthenticator version v4.3 build0216 (GA) was used.

Physical token

  • FortiToken-200: These physical tokens display their code on the device itself, and provide two-factor authentication for RADIUS, LDAP, and 802.1X wireless authentication, as well as Fortinet Single Sign-on (FSSO). This kind of two-factor authentication improves security by moving away from use of static passwords.

To transfer FortiToken-200 tokens from one FortiGate or FortiAuthenticator device to another, visit the Fortinet Support website.

When contacting customer support, you must provide the FortiToken serial number, as well as the FortiGate or FortiAuthenticator serial number to which the token is assigned.
  • FortiToken-200CD: These tokens provide the same authentication properties as FortiToken-200 devices, however they come with an activation CD. The CD contains the token seed files which are installed to the FortiGate or FortiAuthenticator, and is used to easily import multiple FortiTokens at once.

With FortiToken-200CD, the tokens can be installed on as many FortiGate and FortiAuthenticator devices as the customer wants, simultaneously, from the same seed file.

  • FortiToken-220-Edge: These tokens provide the same authentication properties as FortiToken-200 devices, however they come in a convenient mini credit card form factor. The FTK220 uses NFC technology so you have the option to program the seeds for your Edge on your own using our programmer application on your smartphone.

Mobile token

  • FortiToken Mobile: These tokens produce their codes in an application you can download to your Android or iOS device that is used just like a FortiToken-200 but without the need for a physical token. FTM uses push technology so you can receive login attempt notifications on your smartphone or tablet and verify the login with a single tap.

Users can download their free FortiToken Mobile application from either the iTunes App Store or Google Play, for iPhone and Android smartphones respectively.

For the purposes of this document, FTM iOS version 4.0 was used.

Introduction

FortiTokens are security tokens used as part of a two-factor authentication system on FortiGate/FortiOS and FortiAuthenticator devices. The token produces a temporary six or eight digit (configurable) code that is used to prove one's identity electronically as a prerequisite for accessing network resources. There are many types of hardware and software based tokens, sometimes referred to as dongles, key fobs, authentication tokens, USB tokens, and cryptographic tokens.

FortiToken is available as either a physical or a mobile token, as described below.

For the purposes of this document, FortiOS version 5.6.0 build1449 (GA) and FortiAuthenticator version v4.3 build0216 (GA) was used.

Physical token

  • FortiToken-200: These physical tokens display their code on the device itself, and provide two-factor authentication for RADIUS, LDAP, and 802.1X wireless authentication, as well as Fortinet Single Sign-on (FSSO). This kind of two-factor authentication improves security by moving away from use of static passwords.

To transfer FortiToken-200 tokens from one FortiGate or FortiAuthenticator device to another, visit the Fortinet Support website.

When contacting customer support, you must provide the FortiToken serial number, as well as the FortiGate or FortiAuthenticator serial number to which the token is assigned.
  • FortiToken-200CD: These tokens provide the same authentication properties as FortiToken-200 devices, however they come with an activation CD. The CD contains the token seed files which are installed to the FortiGate or FortiAuthenticator, and is used to easily import multiple FortiTokens at once.

With FortiToken-200CD, the tokens can be installed on as many FortiGate and FortiAuthenticator devices as the customer wants, simultaneously, from the same seed file.

  • FortiToken-220-Edge: These tokens provide the same authentication properties as FortiToken-200 devices, however they come in a convenient mini credit card form factor. The FTK220 uses NFC technology so you have the option to program the seeds for your Edge on your own using our programmer application on your smartphone.

Mobile token

  • FortiToken Mobile: These tokens produce their codes in an application you can download to your Android or iOS device that is used just like a FortiToken-200 but without the need for a physical token. FTM uses push technology so you can receive login attempt notifications on your smartphone or tablet and verify the login with a single tap.

Users can download their free FortiToken Mobile application from either the iTunes App Store or Google Play, for iPhone and Android smartphones respectively.

For the purposes of this document, FTM iOS version 4.0 was used.