sselvam
Staff
Article Id 194160
Description
This article describes how to provision FortiToken Cloud for local firewall users.

Related link.
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/486371/fortitoken-cloud

Solution
FortiToken Cloud can be provisioned to FortiGate administrators as well as local firewall users.

First, enable this feature from the CLI:
# config system global
    set fortitoken-cloud-service enable
end
Note.
Log out and log back in for the change to take effect.


To assign FortiToken Cloud two-factor authentication to multiple users:

1) Go to User & Device -> User Definition. The list of users appears (users need valid email addresses in the configuration).
2) Select all the users.
3) Select the selected users (in this example: test4 and test6).
4) From the drop-down list, select 'Assign Cloud Token'.
5) Select 'OK' in the prompt that appears to confirm the cloud token assignment.




In the users list under the two-factor authentication column, the FortiToken Cloud icon for the users test4 and test6 is visible.





From the CLI for local users:
Assign the FortiCloud token to local users or administrators using the fortitoken-cloud option:
# config user local
    edit "test-cl3"
        set type password
        set two-factor fortitoken-cloud  
        set email-to .........
    next
end
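
To check the result across many users, the following added example (not part of the original article and not Fortinet code) parses the `config user local` block of a configuration backup and flags local users that lack `two-factor fortitoken-cloud` or that have it set without a usable `email-to`, which step 1 above notes is required. The sample configuration, the email addresses and the function names are constructed for illustration, and the parser assumes the block contains no nested `config` sections.

```python
import re
import shlex

# Constructed sample of a configuration backup; the addresses are made up.
SAMPLE_CONFIG = '''\
config user local
    edit "test-cl3"
        set type password
        set two-factor fortitoken-cloud
        set email-to "user3@example.com"
    next
    edit "test4"
        set two-factor fortitoken-cloud
    next
    edit "test6"
        set email-to "user6@example.com"
    next
end
'''

def parse_local_users(config_text):
    """Return {username: {setting: value}} from the 'config user local' block."""
    users, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user local":
            in_block = True
        elif in_block and line == "end":
            break
        elif in_block and line.startswith("edit "):
            current = shlex.split(line)[1]
            users[current] = {}
        elif in_block and current and line.startswith("set "):
            parts = shlex.split(line)
            users[current][parts[1]] = " ".join(parts[2:])
    return users

def audit_two_factor(config_text):
    """List (user, finding) pairs for users not fully set up for FortiToken Cloud."""
    findings = []
    for name, cfg in parse_local_users(config_text).items():
        if cfg.get("two-factor") != "fortitoken-cloud":
            findings.append((name, "no fortitoken-cloud two-factor"))
        elif not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", cfg.get("email-to", "")):
            findings.append((name, "fortitoken-cloud set but email-to missing or invalid"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_two_factor(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```
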
Useful information:

The following commands can be used to manage FortiCloud users:

Commands -> descriptions:
# diagnose ftk-cloud show users              <----- Show all current users on the FortiCloud server.
# diagnose ftk-cloud delete user <username>  <----- Delete the specified user from FortiCloud.
# diagnose ftk-cloud sync                    <----- Update the information on the FortiCloud server after changing an email address or phone number on the FortiGate.
# diagnose ftk-cloud server <server_ip>      <----- Change the current FortiCloud server. All FortiCloud related operations on the FortiGate will be synchronized with the new server.
