EricS
Explorer
February 6, 2025
Question

IPsec VPN linked to LDAP and FortiToken

  • February 6, 2025
  • 3 replies
  • 1506 views

Hello,

I'm working on using an AD group to allow VPN access. Is it possible to manage FortiToken Mobile by this means?

3 replies

Toshi_Esumi
SuperUser
February 6, 2025

You just need to define each user on the FGT in the local user config, set the type as ldap, and then bind the token like below:

config user local
  edit "user_name"
    set type ldap
    set ldap-server "ldap_server_name"
    set two-factor fortitoken
    set fortitoken "token_s/n"
    set email-to "user_email_address"
  next
end

Toshi

Dhruvin_patel
Staff
February 6, 2025

Greetings!

I assume you are not using FortiAuthenticator.

In this case, use this method to authenticate users with LDAP and use FortiToken as 2FA: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Correctly-configuring-Two-Factor-Authentication/ta-p/191794

Regards!

EricS
Author
Explorer
February 6, 2025

Thanks @Dhruvin_patel @Toshi_Esumi for your fast answers, I'll have a look tomorrow. An additional question: I specified the users' OU in the LDAP link. If the VPN group is in an OU at the same level (i.e. enterprise -> users, enterprise -> groups, ...), is it possible to use an LDAP filter to read the AD group members?

Dhruvin_patel
Staff
February 6, 2025

Yes, it's possible to use an LDAP filter to read the members of an Active Directory (AD) group, even if the VPN group is in a different Organizational Unit (OU) but at the same level.
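As an added illustration of that answer (example code written for this page, not posted by Dhruvin_patel or taken from Fortinet), the script below builds the group-membership filter you would place on the FortiGate LDAP server object and shows offline which directory entries it selects. It assumes a constructed layout with OU=users and OU=groups as sibling OUs under DC=enterprise,DC=local; the group name, user names and the `SAMPLE_DIRECTORY` entries are invented. Because `memberOf` is an attribute of the user object, the search base can remain the users OU while the filter names the group in the sibling OU by its full DN. It also goes slightly beyond the thread: group names containing `(`, `)`, `*` or `\` are escaped per RFC 4515 so the filter stays well-formed, and the Microsoft in-chain matching rule is shown for nested groups.

```python
# Added example (not from the thread): build an AD group-membership LDAP
# filter for a FortiGate LDAP server object when users and groups live in
# sibling OUs, and model offline which entries that filter would select.
# Assumed DIT (constructed): OU=users and OU=groups under DC=enterprise,DC=local.

from typing import Dict, List

# RFC 4515: these characters must be escaped inside a filter assertion value.
# A group such as "VPN Users (Remote)" otherwise breaks the filter, and any
# value influenced by an untrusted source could change the filter's meaning.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Microsoft extensible-match rule OID that walks nested group membership.
LDAP_MATCHING_RULE_IN_CHAIN = "1.2.840.113556.1.4.1941"

# Constructed sample values (hypothetical names).
VPN_GROUP_DN = "CN=VPN Users,OU=groups,DC=enterprise,DC=local"


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_group_member_filter(group_dn: str, nested: bool = False) -> str:
    """Return a filter selecting user objects that are members of group_dn.

    The search base can stay at the users OU: memberOf is stored on the user
    object, and the group in the sibling OU is referenced by its full DN.
    nested=True uses the in-chain rule so members of groups nested inside
    group_dn are matched as well.
    """
    attr = f"memberOf:{LDAP_MATCHING_RULE_IN_CHAIN}:" if nested else "memberOf"
    return (
        "(&(objectClass=user)(objectCategory=person)"
        f"({attr}={escape_filter_value(group_dn)}))"
    )


# --- offline model of what the two filter forms select -----------------------

def _dn_eq(a: str, b: str) -> bool:
    # DNs compare case-insensitively; real servers also normalise whitespace.
    return a.strip().lower() == b.strip().lower()


def direct_members(entries: List[Dict], group_dn: str) -> List[str]:
    """DNs of person entries whose memberOf lists group_dn (plain memberOf=)."""
    return [
        e["dn"]
        for e in entries
        if "person" in e["objectClass"]
        and any(_dn_eq(g, group_dn) for g in e.get("memberOf", []))
    ]


def members_in_chain(entries: List[Dict], group_dn: str) -> List[str]:
    """DNs of person entries that are direct or nested members (in-chain rule)."""
    result: List[str] = []
    seen = set()
    queue = [group_dn]
    while queue:
        current = queue.pop()
        if current.lower() in seen:
            continue  # guards against circular group nesting
        seen.add(current.lower())
        for e in entries:
            if not any(_dn_eq(g, current) for g in e.get("memberOf", [])):
                continue
            if "person" in e["objectClass"]:
                if e["dn"] not in result:
                    result.append(e["dn"])
            elif "group" in e["objectClass"]:
                queue.append(e["dn"])  # descend into the nested group
    return result


# Constructed sample directory: one group nested inside the VPN group, one
# direct member (with a differently-cased memberOf value), one nested member,
# and one user who is in neither.
SAMPLE_DIRECTORY = [
    {"dn": VPN_GROUP_DN, "objectClass": ["top", "group"], "memberOf": []},
    {"dn": "CN=Field Engineers,OU=groups,DC=enterprise,DC=local",
     "objectClass": ["top", "group"], "memberOf": [VPN_GROUP_DN]},
    {"dn": "CN=alice,OU=users,DC=enterprise,DC=local",
     "objectClass": ["top", "person", "user"],
     "memberOf": ["cn=vpn users,ou=groups,dc=enterprise,dc=local"]},
    {"dn": "CN=bob,OU=users,DC=enterprise,DC=local",
     "objectClass": ["top", "person", "user"],
     "memberOf": ["CN=Field Engineers,OU=groups,DC=enterprise,DC=local"]},
    {"dn": "CN=carol,OU=users,DC=enterprise,DC=local",
     "objectClass": ["top", "person", "user"], "memberOf": []},
]

if __name__ == "__main__":
    print("group filter :", build_group_member_filter(VPN_GROUP_DN))
    print("nested filter:", build_group_member_filter(VPN_GROUP_DN, nested=True))
    print("direct members:", direct_members(SAMPLE_DIRECTORY, VPN_GROUP_DN))
    print("in-chain members:", members_in_chain(SAMPLE_DIRECTORY, VPN_GROUP_DN))
```

The plain `memberOf=` form is what the FortiGate group filter typically carries; switch to the in-chain form only if the VPN group is itself populated through nested groups, since that query is more expensive on the domain controller.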