Technical Tip: How to activate FortiToken manually for admin account
Description
This article describes how to activate a FortiToken manually when the user did not receive the activation email/SMS for the admin account. The same applies to non-admin users.
Scope
FortiGate, FortiToken.
Solution
From the GUI:
- Go to System -> Administrator, create a new admin account, and enable 'two-factor'.
- Under Logs & Reports -> Events -> System Events, Filter for 'Log Description = Token activation code sent'. In version 7.2 and above, Go to Log & Report -> System Events -> General System Events -> Filter for 'Log Description = Token activation code sent'. Under Log Details -> Message, the activation code will be visible.
Note:
The activation code is obfuscated in the system event from v7.6.3 onwards:
- Download and install the FortiToken application on the mobile phone. Open the FortiToken application and select 'Enter Manually'.
In newer versions, select the + sign at the top right and select 'Enter Manually' at the bottom.
- Select 'Fortinet Account' and enter the email ID and the activation code.
The activation code can also be viewed in the CLI:
config user fortitoken
edit "FTKMOB6549A91140"
set license "FTMTRIAL01185372"
set activation-code "EEIMI3ZFJEC2CCPL"
set activation-expire 1589636215
set reg-id "f6t6cMVZI5c:APA91bFzxmvYzcIOWTYh19riSxQGVWxbA7f4nzmAXuyaZM_BBnO3DX_PLpuzzAdCCwx1khhkv24HyohRIF73AgiRpPsZiTNPfkI2aNuPV6M0AtvBBOi7vxKMGO7hlM0P_UFi8y5lpZsJ"
set os-ver "4.7.1.0100_AND"
next
Note:
The validity of this FortiToken activation code is exactly 3 days from the time the FortiToken was provisioned to the admin user. If the admin user is unable to activate the FortiToken after the provisioning period, the next option is explained in this KB article: Troubleshooting Tip: Admin user lost FortiToken / Token is not working
Related article:
Troubleshooting Tip: Get FortiToken Mobile activation code when activation email is not received