Administration Guide

FortiToken physical device and FortiToken Mobile

A FortiToken device is a disconnected one-time password (OTP) generator. It is a small physical device with a button that, when pressed, displays a six-digit token passcode. FortiToken Mobile is an application for mobile devices that performs the same one-time password function as a FortiToken device.

Each FortiAuthenticator unit or VM is supplied with two trial FortiToken Mobile tokens. To obtain the free FortiToken Mobile tokens (if they have not been created dynamically on install), select Get FortiToken Mobile trial tokens when adding a FortiToken Mobile token. This may be required if, for example, you are upgrading an unlicensed FortiAuthenticator unit to a licensed one, as the old tokens associated with the unlicensed serial number will not be compatible with the new, licensed serial number. The tokens will still work, but they cannot be reassigned to a new user. In this case, you must delete the old tokens, and then generate new ones.

Time-based token passcodes require that the FortiAuthenticator clock is accurate. If possible, configure the system time to synchronize with an NTP server.

To perform token-based authentication, the user must enter the token passcode. If the user’s username and password are also required, this is called two-factor authentication. The displayed code changes every 60 seconds.
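The clock dependency described above, as an added example (not Fortinet code): a standard RFC 6238 time-based OTP with a 60-second step and six digits, where a verifier whose clock is 90 seconds off rejects a valid code unless it also checks adjacent time steps. This page does not describe FortiToken's internal algorithm; the use of RFC 6238, the sample seed, and the `drift_steps` parameter are assumptions for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, matching the 60-second interval in the text
DIGITS = 6   # six-digit passcode

def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, server_time: int, drift_steps: int = 0) -> bool:
    """Accept code if it matches any step within +/- drift_steps of the server clock."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        candidate = totp(secret, server_time + delta * STEP)
        ok |= hmac.compare_digest(candidate, code)   # constant-time comparison
    return ok

def demo() -> dict:
    secret = b"12345678901234567890"   # constructed sample seed (RFC 4226 test key)
    token_time = 1_700_000_000         # constructed: the token's clock, assumed correct
    code = totp(secret, token_time)
    skewed = token_time + 90           # server clock running 90 seconds fast
    return {
        "in_sync": verify(secret, code, token_time),
        "server_90s_fast": verify(secret, code, skewed),
        "server_90s_fast_window": verify(secret, code, skewed, drift_steps=1),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

A wider tolerance window accepts more skew but also lengthens the time a captured code stays valid, which is why synchronizing the clock with NTP is the better fix.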

Note: FortiAuthenticator supports FortiToken OTP push notifications, or FTMv4 push notifications. Using FTMv4, when required to authenticate themselves, FortiToken Mobile users don't have to look up a code in FortiToken and enter the code into their browser. Instead, FortiToken Mobile is queried and the user just responds to accept the connection, and the session is authenticated.

This section contains the following topics:
