|
Fortinet highly recommends enabling Two Factor Authentication (2FA) to ensure the security of customers’ accounts. FortiToken is the recommended 2FA method to give accounts the best security.
Enabling Two-Factor Authentication.
Take the following steps to set up 2FA:
- Download the FortiToken application on Google Play or the Apple Store.
- Take the following steps to enable 2FA:
- Open https://support.fortinet.com and log in.
- Select Account at the top-right of the portal and select Security Credentials.
- Select Two Factor Authentication in the navigation pane to open the Two Factor Authentication page.
- Select Edit and Enable Two 2FA Factor Authentication.
- Select the 2FA option of FortiToken.
- Verify the account password and select Submit.
- Select Test Token Now to verify 2FA has been enabled.
- Enter the security code and select Submit.
Note: A dialog opens if the test is successful.
- Log in using the proper credentials and use FortiToken to verify the account.
This applies to master, sub user, IAM user, and any Organizational Unit user.
Two-Factor Authentication FAQ.
Q: Why is Fortinet enforcing 2FA on FortiCloud account?
A: Fortinet is committed to ensuring the highest level of security for customers. Due to the ever-evolving threats, the priority is to ensure accounts have the highest level of security. By adding 2FA, users can prevent access from bad actors from gaining access to Fortinet accounts.
Q: Is that possible to continue to use a shared account to access support.fortinet.com?
A: Fortinet does not recommend sharing accounts. A shared account is not a secured account. It is recommended to use IAM users to share access to the account. IAM users allow access to the FortiCloud account without sharing passwords, providing robust permission management and access control. Review the following document to configure IAM: Identity & Access Management (IAM).
For those who wish to use a shared account with Email OTP, all users will need to have access to the mailbox.
Please be advised: This creates a single point of access for a bad actor. This is not recommended.
Q: Why is it currently not possible to configure Email 2FA?
A: At this time, email can only be configured under IAM users. As of June 7th, email as a 2FA option will be available for all users.
Q: Are other third-party 2FA available?
A: Currently, the only supported 2FA are FortiToken and Email OTP, but future updates may offer additional methods of 2FA.
Q: When will 2FA be enforced?
A: 2FA will roll out in stages to reduce the impact to customers all at once. Email notifications and weekly reminders will be sent, beginning 30 days before 2FA enforcement. Enforcement will start with the first batch on June 7th 2024.
Q: What happens if 2FA is not set before the deadline?
A: Email 2FA will be automatically enabled, requiring access to the mailbox to receive the token when when logging in.
Q: Can 2FA be disabled for an account?
A: Security is Fortinet’s business and securing customers, including people, devices, and data, is Fortinet's mission. Threat actors are constantly trying to get ahead of Fortinet and have been seen to actively collect credentials from clients using methods such as keystroke loggers. Once these threat actors have credentials, they have access to services responsible for securing the client's network – access stopped only by a second factor authentication step. Fortinet’s mission is to stay ahead of that and 2FA is critical to stay ahead of this form of attack. As such, 2FA will be enforced universally.
Q: What happens if 2FA is already set?
A: No actions are necessary, as the account is already secure.
Q: Will 2FA be enforced on new accounts?
A: As of June 7th, all new FortiCloud accounts will require 2FA. By default it will be configured for the email address used to create the account.
Q. Is the customer using Outlook?
A. If yes, please add the token email to the Safe Senders list. The email to add is noreply@fortinet-notifications.com
Two-Factor Authentication Articles and Documents.
|
