Fortinet has enabled two-factor authentication (2FA) to ensure the security of customers’ accounts. FortiToken is the recommended 2FA method to give accounts the best security.

Changing Two-Factor Authentication.

Take the following steps to change the 2FA to FortiToken:

1. Download the FortiToken Mobile application on Google Play or the Apple Store.
2. Take the following steps to enable 2FA:
   1. Open https://support.fortinet.com and log in.
   2. Select Account at the top-right of the portal and select Security Credentials.
   3. Select Two Factor Authentication in the navigation pane to open the Two Factor Authentication page.
   4. Slide the button to change the 2FA to FortiToken
   5. Verify the account password and select Submit.
   6. Select Test Token Now to verify 2FA has been enabled.
   7. Enter the security code and select Submit.
      Note: A dialog opens if the test is successful.
   8. Log in using the proper credentials and use FortiToken to verify the account.

This applies to master, sub-user, IAM user, and any Organizational Unit user.

Two-Factor Authentication FAQ.

Q: Why is Fortinet enforcing 2FA on FortiCloud accounts?

A: Fortinet is committed to ensuring the highest level of security for customers. Due to the ever-evolving threats, the priority is to ensure accounts have the highest level of security. By adding 2FA, users can prevent access from bad actors from gaining access to Fortinet accounts.

Q: Is that possible to continue to use a shared account to access support.fortinet.com?

A: Fortinet does not recommend sharing accounts. A shared account is not a secure account. It is recommended to use IAM users to share access to the account.  IAM users allow access to the FortiCloud account without sharing passwords, providing robust permission management and access control. Review the following document to configure IAM: Identity & Access Management (IAM).

For those who wish to use a shared account with Email OTP, all users will need to have access to the mailbox.

Please be advised:  This creates a single point of access for a bad actor. This is not recommended.

Q: Are third-party 2FA methods available?

A: Yes, see Enabling Two-Factor Authentication | FortiCloud Services 25.1.a | Fortinet Document Library

Q: Can 2FA be disabled for an account?

A: 2FA is enforced universally and cannot be disabled.

Q. Why is the user not receiving the code or push when the screen mentions 'Input Security Code'?
A. Add the token email to the Safe Senders list. The email to add is noreply@fortinet-notifications.com

• Avoid using bookmarks of previous/saved login sessions.
• Check email filtering and spam (contact the company IT/email administrator).
• If FortiToken or other authenticator app is used, enter the OTP manually.

Q. How can a User switch authentication method for the FortiCloud Support portal?

A. Users can log in to the FortiCloud Support portal to switch user authentication methods for ease and better security. 

Select the new authentication method and update: FortiToken, Email, SMS, and third-party authentication application. 

Two-Factor Authentication Articles and Documents.