Fortinet Document Library

Example - Captive portal WiFi access with FortiToken-200

In this scenario, you will enforce two-factor authentication for WiFi users who have FortiToken-200 devices through a captive portal. FortiToken-200 users who attempt to browse the Internet will be redirected to the captive portal login page and asked to enter their username, password, and six-digit authentication code.

This scenario assumes that you already have a FortiAP unit connected and authorized to the FortiGate, and that the SSID has been set up and configured to use captive portal. To see how to set up a wireless network through a captive portal, see our online cookbook configuration: Captive portal WiFi access control.

This configuration is designed for a FortiToken-200 physical key generator. See step 2 for information about using FortiToken Mobile.

You can view a video of this configuration here.

1. Adding the FortiToken

Go to User & Device > FortiTokens and create a new FortiToken.

Set Type to Hard Token, enter the Serial Number in the field provided, and select OK.

2. Editing the user and assigning the FortiToken

Go to User & Device > User Definition and edit the user (rgreen).

Select Enable Two-factor Authentication and select the token created earlier.

Select Add this user to groups and add the user to the captive portal user group (employees).

This recipe is designed for a FortiToken-200 physical key generator. If the user has FortiToken Mobile, the user's contact information must be included so that the FortiToken code can be sent to the user via Email or SMS.

3. Results

When a user attempts to browse the Internet, they will be redirected to the captive portal login screen.

Members of the FortiToken group must enter their Username and Password, and are then redirected to a screen that requires them to enter their Token Code. Retrieve the code by pressing the button on the FortiToken device.

Once the code is successfully entered, the user will be redirected to the URL originally requested.

On the FortiGate, go to Monitor > WiFi Client Monitor to verify that the user is authenticated.
