Administration Guide

2FA with FortiToken Cloud example

To configure a user with FortiToken Cloud as the authentication type:
  1. Go to User Management > User Definition, and select Create.

    The New User Definition wizard is launched.

  2. In Choose a User Role type, select Administrator, and from the Choose an Administrator Role dropdown, select Super Administrator.

  3. Click Next.
  4. In Choose a User type, select either Local User or Remote User.

    In this example, Local User is selected.

    For Remote User, select a remote group where the user is found. See User groups.

  5. Click Next.
  6. In Configure User Detail:
    1. In Username, enter a name.
    2. In Password, enter a password.
    3. In Confirm Password, reenter the password to confirm.
    4. In Status, enable logging in to FortiPAM.
    5. In Email address, enter an email address.

  7. Click Next.
  8. Enable Two Factor Authentication, and:
    1. In Authentication Type, select FortiToken Cloud.
    2. Enable Send Activation Code.
    3. In Email address, enter the email address where the activation code for FortiToken Cloud is sent.

    4. Click Next.
  9. Click Next.
  10. In the Review tab, verify the information you entered and click Submit to create the user.
  11. From the user dropdown on the top-right, select Logout.
  12. On the login screen, enter the username and password for the user you just created, and select Continue.
  13. On the token screen, enter the token from your FortiToken Mobile and select Continue to log in to FortiPAM, or approve the push login request that appears on your mobile phone to log in to FortiPAM.

Example CLI configuration to set up a user with FortiToken Cloud as the authentication type:

    config system admin
        edit "token"
            set accprofile "super_admin" #administrator role
            set two-factor fortitoken-cloud
            set email-to "username@example.com"
            set password "myPassword"
        next
    end

Example CLI configuration to set up an interface for FortiPAM:

    config system interface
        edit "port1"
            set ip 192.168.1.99 255.255.255.0
            set allowaccess https ssh http
            set type physical
            set snmp-index 1
        next
    end

Example CLI configuration to set up a virtual IP address for FortiPAM:

    config firewall vip
        edit "fortipam_vip"
            set uuid 858a44ac-f359-51ec-e7ec-717ef0afbf4d
            set type access-proxy
            set extip 192.168.1.109 #VIP and the interface IP address are different.
            set extintf "any"
            set server-type https
            set extport 443
            set ssl-certificate "Fortinet_SSL"
        next
    end
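
An offline check of the settings shown in the CLI examples above, added here as an illustration and not taken from Fortinet's documentation or tooling: it parses config/edit/set text and reports super_admin accounts without two-factor and interfaces whose allowaccess lists http or telnet. The policy itself, the `parse` and `audit` names, and the `legacy` account in the sample are assumptions of this example.

```python
import shlex

# Constructed sample in the config/edit/set/next/end layout used on this page.
SAMPLE = '''
config system admin
    edit "token"
        set accprofile "super_admin" #administrator role
        set two-factor fortitoken-cloud
    next
    edit "legacy"
        set accprofile "super_admin"
    next
end
config system interface
    edit "port1"
        set allowaccess https ssh http
    next
end
'''

def parse(text):
    """Return {section: {entry: {key: [values]}}} for flat (non-nested) blocks."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True)  # strips quotes and '#' comments
        if not tok:
            continue
        if tok[0] == "config":
            section = " ".join(tok[1:])
            tree.setdefault(section, {})
        elif tok[0] == "edit" and section is not None:
            entry = tok[1]
            tree[section].setdefault(entry, {})
        elif tok[0] == "set" and entry is not None:
            tree[section][entry][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None  # the next 'config' line replaces the section
    return tree

def audit(tree, cleartext=("http", "telnet")):
    """Example policy (an assumption): 2FA on super_admin, no cleartext access."""
    findings = []
    for name, cfg in tree.get("system admin", {}).items():
        two_factor = cfg.get("two-factor", ["disable"])
        if cfg.get("accprofile") == ["super_admin"] and two_factor == ["disable"]:
            findings.append(f"admin {name}: super_admin without two-factor")
    for name, cfg in tree.get("system interface", {}).items():
        findings += [f"interface {name}: allowaccess includes {p}"
                     for p in cfg.get("allowaccess", []) if p in cleartext]
    return findings
```

Calling `audit(parse(SAMPLE))` returns one finding for the `legacy` account and one for `http` on `port1`; pasting an exported configuration into `parse` gives the same check for a real appliance, limited to non-nested blocks.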
