Fortinet black logo

Administration Guide

FortiAuthenticator and FortiTokens

FortiAuthenticator and FortiTokens

With FortiOS, FortiToken identifiers must be entered into the FortiGate unit, which then contacts FortiGuard servers to verify the information before activating them.

FortiAuthenticator on the other hand acts as a repository for all FortiToken devices used on your network. It is a single point of registration and synchronization for easier installation and maintenance.

To register FortiTokens, you must have a valid FortiGuard connection, otherwise any FortiTokens you enter will have an Inactive status. After the FortiTokens are registered, the connection to FortiGuard is no longer essential.

If a token authentication fails, check that the system time on FortiAuthenticator is correct and re-synchronize the FortiToken.

To add FortiTokens manually:
  1. Go to Authentication > User Management > FortiTokens and select Create New.
  2. Select the Token type, either FortiToken Hardware or FortiToken Mobile.
  3. If FortiToken Hardware is selected, enter one or more token serial numbers in the Serial numbers field.
  4. You can also import multiple tokens by selecting Import Multiple, or by selecting Add all FortiTokens from the same Purchase Order and entering a single token's serial number; all tokens associated with that purchase order will then be imported.

  5. If FortiToken Mobile, enter the Activation codes in the field provided, or select Get FortiToken Mobile free trial tokens to use temporary tokens.
  6. Select OK to add the FortiToken(s).
To import FortiTokens from a CSV file:
  1. From the FortiToken list, select Import.
  2. Do one of the following:
    • Select Serial number file to load a CSV file that contains token serial numbers. FortiToken devices have a serial number barcode on them used to create the import file.
    • Select Seed file to load a CSV file that contains the token serial numbers, encrypted seeds, and IV values.
  3. Select Choose File, find the configuration file, and select Open.
  4. Select OK to import the FortiTokens.
To import FortiTokens from a FortiGate unit:
  1. Export the FortiGate unit configuration to a file.
  2. From the FortiToken list, select Import.
  3. Select FortiGate configuration file.
  4. For Data to import, select either Import FortiToken Hardware only, Import FortiToken Hardware and only their associated users, or Import all FortiToken Hardware and users.
  5. Select Choose File, find the configuration file, and select Open.
  6. If the file is encrypted, enter the Password in the field provided.
  7. Select OK to import the FortiTokens.
To export FortiTokens:
  1. From the FortiToken list, select Export FTK Hardware.
  2. Save the file to your computer.

FortiAuthenticator and FortiTokens

With FortiOS, FortiToken identifiers must be entered into the FortiGate unit, which then contacts FortiGuard servers to verify the information before activating them.

FortiAuthenticator on the other hand acts as a repository for all FortiToken devices used on your network. It is a single point of registration and synchronization for easier installation and maintenance.

To register FortiTokens, you must have a valid FortiGuard connection, otherwise any FortiTokens you enter will have an Inactive status. After the FortiTokens are registered, the connection to FortiGuard is no longer essential.

If a token authentication fails, check that the system time on FortiAuthenticator is correct and re-synchronize the FortiToken.

To add FortiTokens manually:
  1. Go to Authentication > User Management > FortiTokens and select Create New.
  2. Select the Token type, either FortiToken Hardware or FortiToken Mobile.
  3. If FortiToken Hardware is selected, enter one or more token serial numbers in the Serial numbers field.
  4. You can also import multiple tokens by selecting Import Multiple, or by selecting Add all FortiTokens from the same Purchase Order and entering a single token's serial number; all tokens associated with that purchase order will then be imported.

  5. If FortiToken Mobile, enter the Activation codes in the field provided, or select Get FortiToken Mobile free trial tokens to use temporary tokens.
  6. Select OK to add the FortiToken(s).
To import FortiTokens from a CSV file:
  1. From the FortiToken list, select Import.
  2. Do one of the following:
    • Select Serial number file to load a CSV file that contains token serial numbers. FortiToken devices have a serial number barcode on them used to create the import file.
    • Select Seed file to load a CSV file that contains the token serial numbers, encrypted seeds, and IV values.
  3. Select Choose File, find the configuration file, and select Open.
  4. Select OK to import the FortiTokens.
To import FortiTokens from a FortiGate unit:
  1. Export the FortiGate unit configuration to a file.
  2. From the FortiToken list, select Import.
  3. Select FortiGate configuration file.
  4. For Data to import, select either Import FortiToken Hardware only, Import FortiToken Hardware and only their associated users, or Import all FortiToken Hardware and users.
  5. Select Choose File, find the configuration file, and select Open.
  6. If the file is encrypted, enter the Password in the field provided.
  7. Select OK to import the FortiTokens.
To export FortiTokens:
  1. From the FortiToken list, select Export FTK Hardware.
  2. Save the file to your computer.