|
Fortinet has enabled two-factor authentication (2FA) to ensure the security of customers’ accounts. FortiToken is the recommended 2FA method to give accounts the best security.
Changing Two-Factor Authentication.
Take the following steps to change the 2FA to FortiToken:
- Download the FortiToken application on Google Play or the Apple Store.
- Take the following steps to enable 2FA:
- Open https://support.fortinet.com and log in.
- Select Account at the top-right of the portal and select Security Credentials.
- Select Two Factor Authentication in the navigation pane to open the Two Factor Authentication page.
- Slide the button to change the 2FA to FortiToken
- Verify the account password and select Submit.
- Select Test Token Now to verify 2FA has been enabled.
- Enter the security code and select Submit.
Note: A dialog opens if the test is successful.
- Log in using the proper credentials and use FortiToken to verify the account.
This applies to master, sub-user, IAM user, and any Organizational Unit user.
Two-Factor Authentication FAQ.
Q: Why is Fortinet enforcing 2FA on FortiCloud accounts?
A: Fortinet is committed to ensuring the highest level of security for customers. Due to the ever-evolving threats, the priority is to ensure accounts have the highest level of security. By adding 2FA, users can prevent access from bad actors from gaining access to Fortinet accounts.
Q: Is that possible to continue to use a shared account to access support.fortinet.com?
A: Fortinet does not recommend sharing accounts. A shared account is not a secure account. It is recommended to use IAM users to share access to the account. IAM users allow access to the FortiCloud account without sharing passwords, providing robust permission management and access control. Review the following document to configure IAM: Identity & Access Management (IAM).
For those who wish to use a shared account with Email OTP, all users will need to have access to the mailbox.
Please be advised: This creates a single point of access for a bad actor. This is not recommended.
Q: Are other third-party 2FA available?
A: Enabling Two-Factor Authentication | FortiCloud Services 25.1.a | Fortinet Document Library
Q: Can 2FA be disabled for an account?
A:2FA will be automatically enabled, requiring access to the mailbox to receive the token when logging in.
Security is Fortinet’s business, and securing customers, including people, devices, and data, is Fortinet's mission. Threat actors are constantly trying to get ahead of Fortinet and have been seen to actively collect credentials from clients using methods such as keystroke loggers. Once these threat actors have credentials, they have access to services responsible for securing the client's network – access stopped only by a second factor authentication step. Fortinet’s mission is to stay ahead of that and 2FA is critical to stay ahead of this form of attack. As such, 2FA is enforced universally and cannot be disabled.
Q. Why is the user not receiving the code when the screen mentions 'Input Security Code'?
A. Add the token email to the Safe Senders list. The email to add is noreply@fortinet-notifications.com
- Avoid using bookmarks of previous/saved login sessions.
- Check email filtering and spam (contact the company IT/email administrator).
- Try entering the password manually.
Q. How can a User switch authentication method for the FortiCloud Support portal?
A. Users can log in to the FortiCloud Support portal to switch user authentication methods for ease and better security.
Select the new authentication method and update: FortiToken, Email, SMS, and 3rd party authentication application.
Two-Factor Authentication Articles and Documents.
|
