Customer Service
Customer Service Information and Announcements
msrinivasan
Moderator
Moderator
Article Id 300987
Description This article describes important information worth noting about two-factor authentication in the FortiCloud Portal.
Scope FortiCloud Portal and Single Sign On (SSO).
Solution

Fortinet highly recommends enabling Two Factor Authentication (2FA) to ensure the security of customers’ accounts. FortiToken is the recommended 2FA method to give the account the best security.

The FortiToken mobile app is available for customers to download in the Google Play Store (Android) or Apple Store (IOS) depending on the type of device the user owns.

  1. If the user signs up for a new account; 2FA will be enforced for email authentication.

new account.png
  1. When an existing user with email-based authentication tries to update/change the 2FA email address, the following screen appears, recommending the user switch to FortiToken Mobile authentication for optimal security:

    2FA.png

 

  1. If the sub-user has not enabled 2FA in the FortiCloud portal, the users will see the following page when the user logs in to the FortiCloud Portal.

msrinivasan_2-1708692539380.png

 

The user can choose between ‘FortiToken Mobile’ and 'Email Authentication'.

 

** Upon enabling 2FA with FortiToken, customers should download the 'FortiToken Mobile' application from the Google Play Store or Apple Store to scan the barcode sent to customers' email addresses.

 
 

Picture3.jpg

For more information on 2FA for IAM Users, refer to the following documentation: Identity Access Management > Two-Factor Authentication (2FA).


Important Factors:

  1. Fortinet recommends users register for an account using an email address that is associated with the company domain: Use an individual's email address, do not use a generic email address.

  2. Customers can always add more users if necessary where access needs to be granted to Partners or other team members or employees within the Organization. The ‘IAM User’ option in the FortiCloud Portal will allow the customer to perform this as well. Refer to How do add an IAM User.

  3. Use the self-serve option in the FortiCloud Portal to change the master user email address well in advance in case the current master account departs the company or transfers to a different department. Refer to How to change the master account ID email address.

  4. Immediately delete the IAM account of any departing employee to prevent the user from accessing the FortiCloud Portal.

For 2FA FAQs, refer to Answers to common Two Factor Authentication queries.


Refer to Contact Us to call Fortinet's support hotline number if any assistance is required.