FortiGate
akawade
Staff
Article Id 196945

Description


This article describes the configuration of 2-Factor authentication with the licensed mobile Token.

Solution


Step 1: Add the redemption code of the licensed mobile Tokens in the FortiGate GUI to add the mobile Tokens

1) Go to User & Device -> FortiTokens

2) Click 'Create New'.
3) For Type, select 'Mobile Token'.
4) In the activation code field, enter the Activation code from the license (Mobile Redemption Cer.

 


 

 

 
Via CLI:
 
#config user fortitoken
edit <serial_number>
next
edit <serial_number2>
next                          <----- and so on for more tokens
end

Step 2: To activate a FortiToken in GUI
 
1) Go to User & Device -> FortiTokens.
2) Select the desired FortiTokens that have an Available status.
3) Right-click the FortiToken, then select 'Activate'.
4) Select 'Refresh'.
The selected FortiToken status will change to Active.
 
Via CLI:
 
#config user fortitoken
edit <token_serial_number>
set status activate
end
The FortiToken will contact the FortiGuard server and validate the license. Once that is done, the status changes to Active.
 
Step 3: To activate the Token for the Local user
 
1) Make sure that the status of the Token is Available.
2) Now, assign the Token to the User:
Go to: User & Device -> User Definition.
Select the user to whom the Token should be assigned.
 
Note: Make sure that the correct email address was entered when this user was created, as the Activation code will be sent to that email address.
 
Edit the User and enable Two-factor authentication.
The Tokens available on the FortiGate will be listed in the drop-down list.
Select the Token to be assigned to the user.
Now, right-click on the User.
Select 'Send activation code'.
 
Note: The activation code will be sent to the user's email address so that the token can be activated on the Mobile application.

 
Via CLI:
 
#config user fortitoken
edit <token_serial_number>
show full-config
The output of this command will have the Activation code needed to activate the token on the FortiToken Mobile application.
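
To check the result of Step 3 across all local users, the following added example (not part of the original article or Fortinet's own tooling) reads a configuration backup and reports local users whose FortiToken setup is incomplete. It assumes the backup shows the user settings as 'set two-factor fortitoken', 'set fortitoken <serial>' and 'set email-to <address>' under 'config user local'; the sample configuration and the function names are constructed for illustration.

```python
# Constructed sample in FortiOS backup layout; names, serials, addresses are made up.
SAMPLE_CONFIG = """\
config user local
    edit "alice"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000001"
        set email-to "alice@example.com"
    next
    edit "bob"
        set type password
    next
    edit "carol"
        set two-factor fortitoken
        set fortitoken "FTKMOB0000000002"
    next
end
"""

def parse_local_users(config_text):
    """Return {username: {setting: value}} from the 'config user local' block."""
    users, in_block, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user local":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            users[current] = {}
        elif in_block and current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            users[current][key] = value.strip().strip('"')
    return users

def audit_two_factor(config_text):
    """Return {username: finding} for users whose token setup is incomplete."""
    findings = {}
    for name, cfg in parse_local_users(config_text).items():
        if cfg.get("two-factor") != "fortitoken":
            findings[name] = "two-factor is not set to fortitoken"
        elif not cfg.get("fortitoken"):
            findings[name] = "no token serial assigned"
        elif not cfg.get("email-to"):
            findings[name] = "no email-to address for the activation code"
    return findings

if __name__ == "__main__":
    print(audit_two_factor(SAMPLE_CONFIG))
```
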
 
Step 4: To activate the Token on the Mobile application

Open the application and add the account, entering the same name as the User or any other name. The application will ask for permission to use the Camera, because the email received contains both the activation code and a QR code that can be scanned to activate the token. Either one can be used.
If 'Manually' is selected, enter the Activation code received via email or obtained by the CLI commands.
The Token is now ready to be used. It will generate the 6-digit code that is required along with the credentials.
 

Related article: 

https://community.fortinet.com/t5/FortiToken/Technical-Note-FortiToken-basic-troubleshooting/ta-p/19...