Help
Customer Service
Customer Service Information and Announcements
msrinivasan
Moderator
Moderator

Created on ‎02-23-2024 05:05 AM Edited on ‎03-28-2024 01:17 PM By Staff

Article Id 300987

Customer Service Tip: Two-Factor Authentication (2FA) improvement and enforcement in the FortiCloud Portal

Description This article describes important information worth noting about two-factor authentication in the FortiCloud Portal.
Scope FortiCloud Portal and Single Sign On (SSO).
Solution

Fortinet highly recommends enabling Two Factor Authentication (2FA) to ensure the security of customers’ accounts. FortiToken is the recommended 2FA method to give your account the best security.

To enable 2FA, see the documentation.

The FortiToken mobile app is available for customers to download in the Google Play Store (Android) or Apple Store (IOS) depending on the type of device the user owns.

  1. If the user has signed up for a new account (or) an existing user enabling 2FA for the first time, the user will see the following:

msrinivasan_0-1708692539354.png

 

  1. When an existing user with email-based authentication tries to update/change the 2FA email address, the following screen appears, recommending the user switch to FortiToken Mobile authentication:

msrinivasan_1-1708692539360.jpeg

 

Note:

Once the Master/sub-user changes from email-based authentication to FortiToken mobile authentication, it CANNOT be switched back to email-based authentication as it is a deprecated feature.

  1. If the Master user has enforced 2FA in the FortiCloud portal, email users will see the following page when the user logs in to the FortiCloud Portal.

msrinivasan_2-1708692539380.png

 

The only option available to select will be ‘FortiToken Mobile’:

msrinivasan_3-1708692539382.jpeg

 

** Upon enabling 2FA with FortiToken, customers should download the 'FortiToken Mobile' application from the Google Play Store or Apple Store to scan the barcode sent to customers' email addresses.

 
 

Picture3.jpg

 


*** IAM users will continue to see the option to choose between the FortiToken and Email-based authentication if it is enabled by the administrator for the account.

For more information on 2FA for IAM Users, refer to the following documentation: Identity Access Management > Two-Factor Authentication (2FA).


Important Factors:

  1. Fortinet recommends users register for an account using an email address that is associated with the company domain: Use an individual's email address, DO NOT use a generic email address.

  2. Customers can always add more users if necessary where access needs to be granted to Partners or other team members or employees within the Organization. The ‘IAM User’ option in the FortiCloud Portal will allow the customer to perform this as well. Refer to How do add an IAM User.

  3. Use the self-serve option in the FortiCloud Portal to change the master user email address well in advance in case the current master account departs the company or transfers to a different department. Refer to How to change the master account ID email address.

  4. Immediately delete the IAM account of any departing employee to prevent the user from accessing the FortiCloud Portal.

For 2FA FAQs, refer to Answers to common Two Factor Authentication queries.


Refer to Contact Us to call Fortinet's support hotline number if any assistance is required.
15818
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.