Fortinet black logo

Administration Guide

Token self-provisioning

Token self-provisioning

User token self-provisioning allows users to set up their own FortiTokens without direct intervention of an administrator.

To configure token self-provisioning settings, go to Authentication > Self-service Portal > Token self-provisioning.

The following settings can be configured:

Token Self-registration
Allow FortiToken Hardware self-provisioning Enable this option if you want to allow users to self-provision their own FortiToken Hardware tokens.
Allow FortiToken Mobile self-provisioning Enable this option if you want to allow mobile users to self-provision their FortiToken Mobile.
Allow Email self-provisioning Enable this option if you want to allow users to self-provision their FortiToken Mobile via email.
Allow SMS self-provisioning Enable this option if you want to allow users to self-provision their FortiToken Mobile via SMS.
Allow user to request a token from Administrator at this email address Enable this option if you want to allow users to request a new token using an email address.
Restrict token self-provisioning to members of specific groups Enable this option if you want to restrict token self provisioning only to members of selected user groups.
Token Self-revocation
Allow users to report a lost token to the Administrator at this email address Enable this option if you want to allow users to report a lost token to a specific email address.
Allow users to temporarily use SMS token authentication if a mobile number was pre-configured Enable this option if you want to allow users to switch to temporary SMS based authentication. The administrator will also be notified.
Allow users to temporarily use email token authentication if an email was pre-configured Enable this option if you want to allow users to switch to temporary email based authentication. The administrator will also be notified.
Allow users to re-provision their FortiToken Mobile Enable this option if you want to allow mobile users to re-provision their token.

How a user registers a token

If enabled, a user can self-register a token from the user portal screen.

To self-register:
  1. Browse to the IP address of the user portal and log in.
  2. Go to My Account > User > Register Token to open the token registration options.
  3. Fill in all the required fields.
  4. Only options that the administrator has configured under the Token Self-registration options are available.

  5. Select OK to register token.

    If a token is already assigned to the user, the token registration page will display the token along with its serial number.

How a user reports a lost token

A user can report a lost token (mobile or physical) from the user portal screen.

To report lost token:
  1. Browse to the IP address of the user portal.
  2. Select I lost my token.
  3. The user is directed to a page warning them that their account will be locked and the administrator will be notified. Select OK to continue.

  4. Select the preferred option.
  5. Only options that the administrator has configured under the Token Self-revocation options are available.

  6. Select OK to continue.

Token self-provisioning

User token self-provisioning allows users to set up their own FortiTokens without direct intervention of an administrator.

To configure token self-provisioning settings, go to Authentication > Self-service Portal > Token self-provisioning.

The following settings can be configured:

Token Self-registration
Allow FortiToken Hardware self-provisioning Enable this option if you want to allow users to self-provision their own FortiToken Hardware tokens.
Allow FortiToken Mobile self-provisioning Enable this option if you want to allow mobile users to self-provision their FortiToken Mobile.
Allow Email self-provisioning Enable this option if you want to allow users to self-provision their FortiToken Mobile via email.
Allow SMS self-provisioning Enable this option if you want to allow users to self-provision their FortiToken Mobile via SMS.
Allow user to request a token from Administrator at this email address Enable this option if you want to allow users to request a new token using an email address.
Restrict token self-provisioning to members of specific groups Enable this option if you want to restrict token self provisioning only to members of selected user groups.
Token Self-revocation
Allow users to report a lost token to the Administrator at this email address Enable this option if you want to allow users to report a lost token to a specific email address.
Allow users to temporarily use SMS token authentication if a mobile number was pre-configured Enable this option if you want to allow users to switch to temporary SMS based authentication. The administrator will also be notified.
Allow users to temporarily use email token authentication if an email was pre-configured Enable this option if you want to allow users to switch to temporary email based authentication. The administrator will also be notified.
Allow users to re-provision their FortiToken Mobile Enable this option if you want to allow mobile users to re-provision their token.

How a user registers a token

If enabled, a user can self-register a token from the user portal screen.

To self-register:
  1. Browse to the IP address of the user portal and log in.
  2. Go to My Account > User > Register Token to open the token registration options.
  3. Fill in all the required fields.
  4. Only options that the administrator has configured under the Token Self-registration options are available.

  5. Select OK to register token.

    If a token is already assigned to the user, the token registration page will display the token along with its serial number.

How a user reports a lost token

A user can report a lost token (mobile or physical) from the user portal screen.

To report lost token:
  1. Browse to the IP address of the user portal.
  2. Select I lost my token.
  3. The user is directed to a page warning them that their account will be locked and the administrator will be notified. Select OK to continue.

  4. Select the preferred option.
  5. Only options that the administrator has configured under the Token Self-revocation options are available.

  6. Select OK to continue.