sjoshi
Staff
November 4, 2024

Troubleshooting Tip: Solving 'Email Required' Errors During LDAP User Sync with Email TFA on FortiAuthenticator

Description

 

This article describes the 'Email is required if TFA method is email' error encountered during remote LDAP user synchronization on FortiAuthenticator.

 

Scope

 

FortiAuthenticator.

 

Solution

 

  • Attempting to sync a remote user using remote user sync rules results in the following error, preventing the user from being added: 'Email is required if TFA method is email.'

 


 

  • In the Remote User Sync Rule, 'Email' has been selected as the OTP method.

 


 

  • Also, under the Remote User Sync Rules settings, the email attribute must be defined.

 


 

  • Now add an email address to the Active Directory user as follows:
    1. Select the user whose email address is to be edited.
    2. Go to the 'Attribute Editor' tab.
    3. Go to the 'mail' attribute and select 'Edit'.
    4. Enter the required email address.

 


 

  • Then select 'manual sync' on the Remote User Sync Rule, or wait for the sync interval to trigger, and verify that the username 'userd' has been successfully imported from the LDAP server.

 


 

  • The logs also indicate that 'userd' has been added.
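
A pre-sync check for the condition described above, as an added example that is not part of the original article or of FortiAuthenticator: it reads an LDIF export of the users the sync rule would match and lists those whose email attribute is missing or blank. The sample LDIF, the `example.test` domain, the function names and the default attribute names (`mail`, `sAMAccountName`) are assumptions; pass the attribute actually defined in the sync rule.

```python
import base64

# Constructed sample LDIF export of the users the sync rule matches (not from the article).
SAMPLE_LDIF = """\
dn: CN=userd,OU=Staff,DC=example,DC=test
sAMAccountName: userd

dn: CN=usere,OU=Staff,DC=example,DC=test
sAMAccountName: usere
Mail: usere@example.test

dn: CN=userf,OU=Staff,DC=example,DC=test
sAMAccountName: userf
mail:: dXNlcmZAZXhhbXBsZS50ZXN0

dn: CN=User G With A Long Name,OU=Staff,
 DC=example,DC=test
sAMAccountName: userg
mail:
"""

def parse_ldif(text):
    """Yield {lower-cased attribute: [values]} per entry, unfolding RFC 2849 continuation lines."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):  # "attr:: value" carries a base64-encoded value
                value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
            else:
                value = rest.strip()
            entry.setdefault(name.lower(), []).append(value)
        if "dn" in entry:
            yield entry

def users_missing_email(ldif_text, email_attr="mail", name_attr="sAMAccountName"):
    """Return usernames whose email attribute is absent or blank."""
    missing = []
    for entry in parse_ldif(ldif_text):
        if not any(v.strip() for v in entry.get(email_attr.lower(), [])):
            missing.append(entry.get(name_attr.lower(), entry["dn"])[0])
    return missing

if __name__ == "__main__":
    for user in users_missing_email(SAMPLE_LDIF):
        print(f"{user}: no value in the email attribute; fix before syncing with Email OTP")
```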

 
