Help
Customer Service
Customer Service Information and Announcements
msrinivasan
Moderator
Moderator

Created on ‎02-23-2024 05:05 AM Edited on ‎03-28-2025 02:28 AM By Community Manager

Article Id 300987

Customer Service Tip: Two-Factor Authentication (2FA) improvement and enforcement in the FortiCloud Portal

Description This article describes important information worth noting about two-factor authentication in the FortiCloud Portal.
Scope FortiCloud Portal and Single Sign On (SSO).
Solution

Fortinet highly recommends enabling Two Factor Authentication (2FA) to ensure the security of customers’ accounts. FortiToken is the recommended 2FA method to give the account the best security.

The FortiToken mobile app is available for customers to download in the Google Play Store (Android) or Apple Store (IOS) depending on the type of device the user owns.

  1. If the user signs up for a new account; 2FA will be enforced for email authentication.

new account.png
  1. When an existing user with email-based authentication tries to update/change the 2FA email address, the following screen appears, recommending the user switch to FortiToken Mobile authentication for optimal security:

    2FA.png

 

  1. If the sub-user has not enabled 2FA in the FortiCloud portal, the users will see the following page when the user logs in to the FortiCloud Portal.

msrinivasan_2-1708692539380.png

 

The user can choose between ‘FortiToken Mobile’ and 'Email Authentication'.

Upon enabling 2FA with FortiToken, customers should download the 'FortiToken Mobile' application from the Google Play Store or Apple Store to scan the barcode sent to customers' email addresses.

 
 

Picture3.jpg

For more information on 2FA for IAM Users, refer to the following documentation: Identity Access Management > Two-Factor Authentication (2FA)


Important Factors:

  1. Fortinet recommends users register for an account using an email address that is associated with the company domain: Use an individual's email address, do not use a generic email address.
  2. Users can always add more users if necessary where access needs to be granted to Partners or other team members or employees within the Organization. The ‘IAM User’ option in the FortiCloud Portal will allow the customer to perform this as well. Refer to How do add an IAM User
  3. Use the self-serve option in the FortiCloud Portal to change the master user email address well in advance in case the current master account departs the company or transfers to a different department. Refer to How to change the master account ID email address
  4. Immediately delete the IAM account of any departing employee to prevent the user from accessing the FortiCloud Portal.

Additional Notes:

In terms of the FortiCloud portal login, any users (both Email users and IAM users) are forced to enable 2FA authentication by one of the following tools:

  1. FortiToken.
  2. Email.
  3. SMS.
  4. Third Party Authenticator App.

 

For further details, refer to the following document: Enabling Two-Factor Authentication | FortiCloud Services 25.1.0 | Fortinet Document Library

 

For 2FA FAQs, refer to Answers to common Two Factor Authentication queries


Refer to Contact Us to call Fortinet's support hotline number if any assistance is required.
 

 
24811
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.