Live deployment
If incorrectly configured, the following changes could permanently lock you out of the system. Please test first on a non-critical system before proceeding. It is highly recommended to enable a method of bypassing two-factor authentication in case of misconfiguration, such as the one described in Exempt users and groups.
In the mode shown in Agent testing, the use of the token code can be bypassed by selecting the Other User login method, which bypasses the FortiAuthenticator Agent and the requirement for an OTP. In a live system, this bypass must be prevented in order to enforce two-factor authentication. To do this:
- Open the FortiAuthenticator Agent GUI, select Credential Provider Options, and uncheck the Permit Built-in Password Providers option.
When the user attempts to log in again, the login dialog will be restricted to FortiAuthenticator Agent Login only.