akawade
Staff
September 2, 2019

Technical Tip: FortiToken-Mobile configuration in detail


Description


This article describes the configuration of 2-factor authentication with the licensed mobile Token.

 

Scope

 

FortiGate.

Solution


Step 1: Add the licensed mobile Tokens by entering their redemption code in the FortiGate GUI.

 

  1. Go to User & Device -> FortiTokens
  2. Select 'Create New'.
  3. For Type, select 'Mobile Token'.
  4. In the activation code field, enter the Activation code from the license (Mobile Redemption Cer.).

 


 

 
Via the CLI:
 
config user fortitoken
    edit <serial_number>
    next
    edit <serial_number2>
    next                          <----- And so on for more Tokens.
end
 
If any error occurs with one mobile FortiToken which is part of a particular license, it is possible to delete it and add it again using the license number, without deleting all of the mobile FortiTokens associated with that license.
 
Step 2: Configure the SMTP server (Custom or default).
 

 

Step 3: Assign the FortiToken to a user and configure the email address.
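
The GUI settings for Steps 2 and 3 can also be entered in the CLI. The following is an added example, not part of the original article. The server name, email addresses, user name and the values in angle brackets are placeholders, and the option names assume FortiOS 6.x syntax.

```fortios
# Step 2: SMTP server used to send the activation email (placeholder values).
config system email-server
    set reply-to "fortigate@example.com"
    set server "smtp.example.com"
    set port 587
    set security starttls
    set authenticate enable
    set username "fortigate@example.com"
    set password <smtp_password>
end

# Step 3: local user with an assigned mobile Token and an email address.
# The activation code is sent to the address given in email-to.
config user local
    edit "jsmith"
        set type password
        set passwd <user_password>
        set two-factor fortitoken
        set fortitoken <token_serial_number>
        set email-to "jsmith@example.com"
    next
end
```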
 

 

Step 4: To activate a FortiToken in the GUI:

  1. Go to User & Device -> FortiTokens.
  2. Select the desired FortiTokens that have an Available status.
  3. Right-click the FortiToken, then select 'Activate'.
  4. Select 'Refresh'.

 

The selected FortiToken status will change to Active.

 
Via the CLI:
 
config user fortitoken
    edit <token_serial_number>
        set status active
    next
end
 
The FortiToken will contact the FortiGuard server and validate the license. Once this is done, the status will change to Active.
 
Step 5: To activate the Token for the Local user.
 
  1. Make sure that the status of the Token is Available.
  2. Assign the Token to the user as follows:
  3. Go to User & Device -> User Definition.
  4. Select the user to whom the Token will be assigned.
 
Note:
Make sure that the correct email address was entered when this user was created, as the activation code will be sent to that email address.
 
  5. Edit the user and enable Two-factor authentication. The Tokens available on the FortiGate will be listed in the drop-down list.
  6. Select the Token to be assigned to the user.
  7. Right-click the user.
  8. Select 'Send activation code'.
 
Note: The activation code will be sent to the email address in order to activate the Token on the mobile application.

 
Via CLI:
 
config user fortitoken
    edit <token_serial_number>
        show full-config
    next
end
 
The output of this command will have the Activation code needed to activate the token on the FortiToken Mobile application.
 
Step 6: To activate the Token on the Mobile application.

Open the application and add the account, naming it after the user or with any other name. The application will ask for permission to use the camera, because the email received contains both the activation code and a QR code that can be scanned to activate the Token. It is possible to use either.
If 'Manually' is selected, enter the activation code received via email or obtained with the CLI commands.
Now that the Token is ready to be used, it will generate the 6-digit code that is required along with the credentials.
 
