Fortinet black logo

FortiToken Mobile User Guide

Home FortiToken FortiToken Mobile User Guide

Token Activation

Token Activation

FortiToken Mobile allows you to install tokens that are issued from FortiGate, FortiAuthenticator, and FortiToken Cloud, as well as third-party tokens such as those used for two-step verification by Dropbox, Google, Amazon, and Microsoft.

FortiToken activation email or SMS message

After your system administrator assigns a token to you, you will receive a notification with an activation code and an activation expiration date by which you must activate your token.

Depending on which option your system administrator has chosen, you will receive the activation notification by SMS, email, or both.

The activation message includes the activation code and the activation expiration date. If you do not activate your token by the indicated expiration date, you must contact your system administrator so that your token can be re-assigned for activation.

If the message is sent as an email it also contains a scannable QR code.

The activation notification looks like this for tokens issued from FortiGate, FortiAuthenticator, and FortiToken Cloud:

Welcome to FortiToken Mobile - One-Time-Password software token. 
Please visit https://docs.fortinet.com/fortitoken/ for instructions on how to install your FortiToken Mobile application on your device and activate your token. 
You must use FortiToken Mobile version 2 or above to activate this token.
Your Activation Code, which you will need to enter on your device later, is 
"xxxxxxxxxxxxxxxx"
Alternatively, use the attached QR code image to activate your token with the "Scan Barcode" feature of the app. 
You must activate your token by: 
Monday December 14, 2020 20:39 UTC(+0000), after which you will need to contact your system administrator to re-enable your activation.

Activating Your Token

You can activate your token on FortiToken Mobile for iOS, Android, and Windows after you receive an activation code via email or SMS.

Before you begin, make sure your device is set to the correct time and you have internet access.

Tokens may have enforced-pin, required (optional), and not-required PIN policy on FortiAuthenticator and FortiToken Cloud. PINs need to be set before activating tokens for two cases:

  1. If enforced-pin policy is selected by system administrator

  2. If required (optional) PIN policy is selected by system administrator and no mobile device PIN is set.

Once you have created and confirmed your PIN, you can add your tokens by using the activation code received via email or SMS. You can either enter the activation code manually or scan a QR code.

Scan Barcode

If your device supports QR code recognition, you can simply tap Scan Barcode in the FortiToken Mobile home screen and point your device camera at the QR code attached to the activation email.

Note: QR code images are not provided using the SMS activation message, only with the email activation message.

Enter Manually

  1. Tap Enter Manually, then select the type of token from the list.

    1. For FortiToken, select Fortinet.

    2. For third-party tokens, select Other.

  2. Enter a name for this token and the activation code exactly as it appears in your activation message, either by typing or copying and pasting.

    Note

    FortiToken Mobile will automatically convert lower case to upper case letters so there is no need to use the Shift key when typing.

  3. Tap Add Account.

    FortiToken Mobile communicates with the secure provisioning server to activate your token. The one-time password is now displayed in the token list view.

Third Party Token Activation

Many cloud and online applications offer the option to turn on two-step verification (also known as two-factor authentication) for added security. FortiToken Mobile provides a simple means to install tokens from cloud services providers, including Dropbox, Google, Amazon, and Microsoft.

Follow the provider’s instructions for turning on two-step verification. They will provide an activation code with options to scan a QR code or enter the code manually if you cannot scan the bar code.

If you use the option to scan the barcode and no token name is entered, the token name will default to what is encoded in the QR code image for the account name. The token name can be edited.

FortiToken Mobile allows you to choose a third-party provider. If your provider is not listed, you can still add a token if the activation code is presented in Base32 format.

Push Notifications

Push notifications provide an alternative to entering a one-time password for remote access login.

Push notification is supported on FortiToken Mobile for both IOS and Android.FortiToken Mobile for Windows doesn’t support push notifications.

FortiToken Mobile can receive push notifications even when your mobile device is locked or on the home screen as well as when FortiToken Mobile app is open. You can choose to approve or deny the login request. Once action is taken on the login request, the message "Request sent successfully" displays for 1.5 seconds.

Note:

FortiToken Mobile validates the server certificate when responding to login push notifications and transfer token requests. This only applies to tokens issued from older versions of FortiAuthenticator (6.3.1 and earlier). In some cases, you may need to enable Allow connection to an unverified server to make sure the push and token transfer features work properly.

Allow connection to an unverified server is disabled by default in FortiToken Mobile (iOS and Android) Settings.

You may need to enable this setting to approve login from push notifications in these cases:

  • The token was issued by FortiAuthenticator 6.3.1 or lower.

  • You are transferring a token that was issued by FortiAuthenticator 6.3.2/6.4.0 or lower and the default server certificate is not being used.

Please check with your system administrator if these conditions apply.

Previous
Next

Token Activation

FortiToken Mobile allows you to install tokens that are issued from FortiGate, FortiAuthenticator, and FortiToken Cloud, as well as third-party tokens such as those used for two-step verification by Dropbox, Google, Amazon, and Microsoft.

FortiToken activation email or SMS message

After your system administrator assigns a token to you, you will receive a notification with an activation code and an activation expiration date by which you must activate your token.

Depending on which option your system administrator has chosen, you will receive the activation notification by SMS, email, or both.

The activation message includes the activation code and the activation expiration date. If you do not activate your token by the indicated expiration date, you must contact your system administrator so that your token can be re-assigned for activation.

If the message is sent as an email it also contains a scannable QR code.

The activation notification looks like this for tokens issued from FortiGate, FortiAuthenticator, and FortiToken Cloud:

Welcome to FortiToken Mobile - One-Time-Password software token. 
Please visit https://docs.fortinet.com/fortitoken/ for instructions on how to install your FortiToken Mobile application on your device and activate your token. 
You must use FortiToken Mobile version 2 or above to activate this token.
Your Activation Code, which you will need to enter on your device later, is 
"xxxxxxxxxxxxxxxx"
Alternatively, use the attached QR code image to activate your token with the "Scan Barcode" feature of the app. 
You must activate your token by: 
Monday December 14, 2020 20:39 UTC(+0000), after which you will need to contact your system administrator to re-enable your activation.

Activating Your Token

You can activate your token on FortiToken Mobile for iOS, Android, and Windows after you receive an activation code via email or SMS.

Before you begin, make sure your device is set to the correct time and you have internet access.

Tokens may have enforced-pin, required (optional), and not-required PIN policy on FortiAuthenticator and FortiToken Cloud. PINs need to be set before activating tokens for two cases:

  1. If enforced-pin policy is selected by system administrator

  2. If required (optional) PIN policy is selected by system administrator and no mobile device PIN is set.

Once you have created and confirmed your PIN, you can add your tokens by using the activation code received via email or SMS. You can either enter the activation code manually or scan a QR code.

Scan Barcode

If your device supports QR code recognition, you can simply tap Scan Barcode in the FortiToken Mobile home screen and point your device camera at the QR code attached to the activation email.

Note: QR code images are not provided using the SMS activation message, only with the email activation message.

Enter Manually

  1. Tap Enter Manually, then select the type of token from the list.

    1. For FortiToken, select Fortinet.

    2. For third-party tokens, select Other.

  2. Enter a name for this token and the activation code exactly as it appears in your activation message, either by typing or copying and pasting.

    Note

    FortiToken Mobile will automatically convert lower case to upper case letters so there is no need to use the Shift key when typing.

  3. Tap Add Account.

    FortiToken Mobile communicates with the secure provisioning server to activate your token. The one-time password is now displayed in the token list view.

Third Party Token Activation

Many cloud and online applications offer the option to turn on two-step verification (also known as two-factor authentication) for added security. FortiToken Mobile provides a simple means to install tokens from cloud services providers, including Dropbox, Google, Amazon, and Microsoft.

Follow the provider’s instructions for turning on two-step verification. They will provide an activation code with options to scan a QR code or enter the code manually if you cannot scan the bar code.

If you use the option to scan the barcode and no token name is entered, the token name will default to what is encoded in the QR code image for the account name. The token name can be edited.

FortiToken Mobile allows you to choose a third-party provider. If your provider is not listed, you can still add a token if the activation code is presented in Base32 format.

Push Notifications

Push notifications provide an alternative to entering a one-time password for remote access login.

Push notification is supported on FortiToken Mobile for both IOS and Android.FortiToken Mobile for Windows doesn’t support push notifications.

FortiToken Mobile can receive push notifications even when your mobile device is locked or on the home screen as well as when FortiToken Mobile app is open. You can choose to approve or deny the login request. Once action is taken on the login request, the message "Request sent successfully" displays for 1.5 seconds.

Note:

FortiToken Mobile validates the server certificate when responding to login push notifications and transfer token requests. This only applies to tokens issued from older versions of FortiAuthenticator (6.3.1 and earlier). In some cases, you may need to enable Allow connection to an unverified server to make sure the push and token transfer features work properly.

Allow connection to an unverified server is disabled by default in FortiToken Mobile (iOS and Android) Settings.

You may need to enable this setting to approve login from push notifications in these cases:

  • The token was issued by FortiAuthenticator 6.3.1 or lower.

  • You are transferring a token that was issued by FortiAuthenticator 6.3.2/6.4.0 or lower and the default server certificate is not being used.

Please check with your system administrator if these conditions apply.

Previous
Next