To import multiple FortiTokens to the FortiGate – web-based manager:
1. Go to User & Device > FortiTokens.
2. Select Create New.
3. In Type, select Hard Token.
4. Select Import.
5. Select Serial Number File or Seed File, depending on which file you have.
6. Browse to the file's location on your local computer.
7. Select OK.
The file is imported.
8. Select OK.
To add two FortiTokens to the FortiGate – CLI:
config user fortitoken
    edit <serial_number>
    next
    edit <serial_number2>
    next
end
Activating a FortiToken on the FortiGate
Once one or more FortiTokens have been added to the FortiGate unit, they must be activated before they can be associated with accounts. Activation involves the FortiGate querying FortiGuard servers about the validity of each FortiToken. For added security, the serial number and information are encrypted before being sent. A FortiGate unit requires a connection to FortiGuard servers to activate a FortiToken.
To activate a FortiToken on the FortiGate unit – web-based manager:
1. Go to User & Device > FortiTokens.
2. Select one or more FortiTokens with a status of Available.
3. Right-click the FortiToken entry and select Activate.
4. Select Refresh.
The status of selected FortiTokens will change to Activated.
The selected FortiTokens are now available for use with user and admin accounts.
And these FREE tokens are NOT recognized by the FortiToken mobile app. How good is that?
Hello,
is it possible to connect via Command Line and only enter the Token?
Hi Mike, I was wondering if you are aware of a workaroun… I have succeeded to add a FortiToken to an SSL VPN user, but that same user should also have Administrative rights on the FortiGate. If I enable that in the administrators for 2FA, it doesn’t recognize or allow me to assign the same FortiToken to the user 🙁
Does it support 3rd party MFA as well?
In terms of phishing attack prevention, FIDO keys seem to currently be one of the better solutions. There is a degree of compromise allowing devices to connect via a USB port, but there are always some trade-offs I guess.
Mike,
We’ve set up 2FA for admin accounts but don’t receive the email. Running ‘diag debug application alertmail -1’ shows the message and that it was successful but no email is received. We use the default SMTP settings, nothing is getting blocked/caught by Mimecast. Is there something else that needs to be enabled?