Administration Guide

Associate FortiTokens with accounts

The final step before using the FortiTokens to authenticate logons is associating a FortiToken with an account. The accounts can be local user or administrator accounts.

NOTE: You cannot delete a FortiToken from the FortiToken list page if it is associated with a user account.

To add a FortiToken to a local user account using the web-based manager:
  1. Ensure that your FortiToken serial number has been added to the FortiProxy unit successfully, and its status is Available.

  2. Go to User & Authentication > User Definition, select the user account, and then click Edit User.

  3. Enter the user's Email Address.

  4. Enable Two-factor Authentication.

  5. Select the user's FortiToken serial number from the Token list.

  6. Click OK.

NOTE: For a mobile token, select Send Activation Code to send the activation code to the email address configured previously. The user uses this code to activate the mobile token. An Email Service must be set under System > Advanced to send the activation code.

To add a FortiToken to a local user account using the CLI:

    config user local
        edit <username>
            set type password
            set passwd "myPassword"
            set two-factor fortitoken
            set fortitoken <serial_number>
            set email-to "username@example.com"
            set status enable
        next
    end

To add a FortiToken to an administrator account using the web-based manager:
  1. Ensure that your FortiToken serial number has been added to the FortiProxy unit successfully, and its status is Available.

  2. Go to System > Administrators, select admin, and then click Edit. This account is assumed to be configured except for two-factor authentication.

  3. Enter admin's Email Address.

  4. Enable Two-factor Authentication.

  5. Select the user's FortiToken serial number from the Token list.

  6. Click OK.

NOTE: For a mobile token, select Send Activation Code to send the activation code to the email address configured previously. The admin uses this code to activate the mobile token. An Email Service must be set under System > Advanced to send the activation code.

To add a FortiToken to an administrator account using the CLI:

    config system admin
        edit <username>
            set password "myPassword"
            set two-factor fortitoken
            set fortitoken <serial_number>
            set email-to "username@example.com"
        next
    end

The fortitoken keyword is not visible until fortitoken is selected for the two-factor option.

NOTE: Before a new FortiToken can be used, you might need to synchronize it due to clock drift.
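
As an added example (not part of the Fortinet guide), the Python below audits a saved configuration for local user and administrator accounts that lack the FortiToken association described above. It assumes the saved configuration uses the same config/edit/set/next/end syntax as the CLI blocks on this page; the sample text, account names and serial number are constructed.

```python
# Constructed sample in the CLI syntax shown above; names and serial are made up.
SAMPLE_CONFIG = """\
config system admin
    edit "admin"
        set two-factor fortitoken
        set fortitoken "FTK-SAMPLE-0001"
    next
    edit "backup-admin"
        set email-to "ops@example.com"
    next
end
config user local
    edit "bob"
        set type password
        set two-factor fortitoken
    next
end
"""
TABLES = ("system admin", "user local")  # the two account tables on this page

def parse_accounts(text):
    """Return {(table, name): {setting: value}} for top-level account entries."""
    accounts, stack, current = {}, [], None
    for raw in text.splitlines():
        verb, _, rest = raw.strip().partition(" ")
        if verb == "config":
            stack.append(rest.strip())  # track nesting so inner blocks are skipped
        elif verb == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and stack[0] in TABLES:
            if verb == "edit":
                current = accounts.setdefault((stack[0], rest.strip().strip('"')), {})
            elif verb == "next":
                current = None
            elif verb == "set" and current is not None:
                key, _, value = rest.strip().partition(" ")
                current[key] = value.strip().strip('"')
    return accounts

def audit_two_factor(text):
    """List (account, problem) pairs for accounts lacking a FortiToken association."""
    findings = []
    for (table, name), cfg in parse_accounts(text).items():
        if cfg.get("two-factor") != "fortitoken":
            findings.append((f"{table}/{name}", "two-factor is not set to fortitoken"))
        elif not cfg.get("fortitoken"):
            findings.append((f"{table}/{name}", "no FortiToken serial assigned"))
    return findings
```

Call `audit_two_factor()` on the text of a saved configuration; an empty list means every account in the two tables has `two-factor fortitoken` and a serial number set.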
