shikhakolekar
Staff
November 8, 2024

Technical Tip: How to install FortiAuthenticator Windows Agent in non-domain connected network and enable 2FA


Description

 

This article describes how to install the FortiAuthenticator Windows Agent in a non-domain-joined network and enable 2FA by email.

 

Scope

 

FortiAuthenticator v6.4 and above.

 

Solution

 

Step 1:

  • Download the installer from the FortiAuthenticator:

         Go to Authentication -> FortiAuthenticator Agent -> Download, and download the FortiAuthenticator Agent installer.

         Or:

  • Download it from the support portal: navigate to /FortiAuthenticator_and_FortiTrustID_Agents/ and select the required firmware to install.

 

Step 2:

  • Installation.

         Step through the installer windows:

 

Step1Acceptagree.png

 

Select the required folder and select Next:

 

Step3browsefolderanddesktopshortcut.png

 

Step4Installtheagent.png

 

Step6Can see the agent is running.png

 

After these steps, the agent will be installed and running.

 

Step 3:

 

To set up 2FA, make sure the SMTP settings are in place on the FortiAuthenticator (refer to the prerequisites).

Enable OTP via email for the user.

 

usersaved.png

 

On the agent:

In the Two-Factor Authentication configuration screen, configure the IP address, username, and API key obtained in FortiAuthenticator Configuration. Add the default domain '.':

 

rest_user.jpg

 

Note:

Ensure the REST API user account's User Role has Full Permission and Web Service Access, as shown in the above screenshot.

 

Enter the APIkey and set the domain to default.png

 

Domain default.png         

Note:

Enabling full support for the local PC user requires FortiAuthenticator server v6.4.2 and above. With FortiAuthenticator v6.4.1 and below, the FortiAuthenticator Agent for Microsoft Windows shows limited behavior, i.e., the Windows Agent blocks all local users (except exempt local users).
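A pre-flight check for Step 3, added here as an example and not part of the original article or Fortinet's own tooling: it uses the same REST API user and API key that are entered in the agent to confirm that the user has email OTP enabled before the agent starts enforcing 2FA at Windows logon. The `/api/v1/localusers/` resource and the `token_auth`, `token_type` and `email` field names are assumptions to confirm against the REST API guide for the installed version; the host name, user names and sample responses are constructed.

```python
import base64
import json
import ssl
import urllib.parse
import urllib.request

# Assumed REST resource; confirm in the FortiAuthenticator REST API guide for your version.
LOCALUSERS_PATH = "/api/v1/localusers/"

def build_request(fac_host, api_user, api_key, username):
    """Build a GET for one local user, using HTTP Basic auth (REST API user + API key)."""
    query = urllib.parse.urlencode({"username": username, "format": "json"})
    url = f"https://{fac_host}{LOCALUSERS_PATH}?{query}"
    token = base64.b64encode(f"{api_user}:{api_key}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)

def email_otp_problems(body, username):
    """Return the reasons the user is not ready for email OTP (empty list = ready)."""
    users = [u for u in json.loads(body).get("objects", []) if u.get("username") == username]
    if not users:
        return [f"user {username!r} not found on FortiAuthenticator"]
    user, problems = users[0], []
    if not user.get("token_auth"):
        problems.append("token-based authentication is not enabled")
    if user.get("token_type") != "email":
        problems.append(f"token type is {user.get('token_type')!r}, expected 'email'")
    if not user.get("email"):
        problems.append("no email address set, so the OTP cannot be delivered")
    return problems

def check_user(fac_host, api_user, api_key, username, ca_file=None):
    """Query the live server. TLS verification stays on; pass ca_file for a private CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_request(fac_host, api_user, api_key, username)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return email_otp_problems(resp.read().decode(), username)

# Constructed sample responses (not captured from a real device).
SAMPLE_READY = ('{"objects": [{"username": "localuser1", "email": "localuser1@example.com",'
                ' "token_auth": true, "token_type": "email"}]}')
SAMPLE_NO_OTP = ('{"objects": [{"username": "localuser1", "email": "",'
                 ' "token_auth": false, "token_type": null}]}')

if __name__ == "__main__":
    print(email_otp_problems(SAMPLE_READY, "localuser1"))
    print(email_otp_problems(SAMPLE_NO_OTP, "localuser1"))
```

Against a live server, `check_user` raises `urllib.error.HTTPError` with status 401 when the API key or the REST API user's permissions are wrong, which is the same failure the agent would hit silently at logon.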