Description
This article shows that two separate FortiToken for each authentication service is needed where that same user is assigned / configured.
Solution
'test_user1' is configured on local user and on admin user.
From here, two separate FortiToken is needed for each authentication service that the same user is assigned/configured if the user is planning to use two factor authentication for this two separate authentication service (admin authentication and local authentication for SSL VPN).
- On this first screenshot, 'test_user1' is tested on user definition and assigned fortiToken FTKMOB******67A3.
This article shows that two separate FortiToken for each authentication service is needed where that same user is assigned / configured.
Solution
'test_user1' is configured on local user and on admin user.
From here, two separate FortiToken is needed for each authentication service that the same user is assigned/configured if the user is planning to use two factor authentication for this two separate authentication service (admin authentication and local authentication for SSL VPN).
- On this first screenshot, 'test_user1' is tested on user definition and assigned fortiToken FTKMOB******67A3.
- On this second screenshot, same 'test_user1' will be seen (but basically this is a new test_user1 configured on admin account ).
It has been assigned on admin user and assigned to the same FortiToken (FTKMOB******67A3) but that same FortiToken is not available anymore, Token that is ending with FTKMO******6F6B only will be visible.
Conclusion.
This is the behavior because the ADMIN users (that can be use to login on gui of FortiGate) and LOCAL users (that can be use for SSL VPN) are two separate authentication service.
This is the behavior because the ADMIN users (that can be use to login on gui of FortiGate) and LOCAL users (that can be use for SSL VPN) are two separate authentication service.
That is why two separate FortiToken is really necessary for this.
