Description
This article describes how to automatically assign FortiToken Mobile authentication to all Active Directory users.
Scope
FortiAuthenticator 6.4.
Solution
First, create an LDAP server. This article uses a Windows Server 2019 system. The user is an administrator account with admin privileges to query elements from the LDAP server.
Navigate to Authentication > User Management > Remote User Sync Rules > Create New.
Under OTP method assignment priority, enable FortiToken Mobile (assign an available token) under the sync rule. OTP methods can be dragged and dropped to change their order.
Save the remote sync rule settings and run a Manual Sync.
Logs will detail everything about sync rules and imported users:
level="information" nas="" action="" status="" msg="Successfully synced (rule: TAC-SUPP) with DC-boss on Thu Nov 3 14:18:33 2022." user=""
level="information" nas="" action="" status="" msg="Found 0 modified FTC users for sync (rule: TAC-SUPP) with DC-boss (10.0.0.100)" user=""
level="information" nas="" action="Add" status="" msg="Successfully assigned token to matanaskovic (rule: TAC-SUPP) @ DC-boss (10.0.0.100) with FortiToken Mobile ("FTKMOB0A8ABCXZY!") token-based authentication." user="matanaskovic"
level="information" nas="" action="Edit" status="" msg="Edited Remote LDAP User: matanaskovic (changed fields: FortiToken)" user="admin"
level="information" nas="" action="" status="" msg="Assigning remote LDAP user matanaskovic with FortiToken Mobile FTKMOB0A8ABCXZY!, activation code EEIJ************." user=""
level="information" nas="" action="" status="" msg="smtp mail: send to testtest@mail.com via localhost:25 ok" user="admin"
level="information" nas="" action="Add" status="" msg="Added Remote LDAP User: matanaskovic" user="admin"
level="information" nas="" action="" status="" msg="Retrieved 1 user(s) from the remote LDAP server "DC-boss (10.0.0.100)". (sync rule: TAC-SUPP)" user=""
level="information" nas="" action="" status="" msg="Performing remote LDAP user sync (rule: TAC-SUPP) with DC-boss (10.0.0.100)." user=""
To verify the logs are accurate, check that each user has been automatically assigned FortiToken Mobile authentication.
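The same check can be run against the sync log itself. The script below is an added example, not Fortinet code: it parses log lines in the layout shown above and flags any imported user for whom no token assignment was logged. It assumes the log has been exported as text with one entry per line; the function name audit_sync and the user "jdoe" are hypothetical.

```python
import re

# Field order taken from the log lines on this page. msg can contain unescaped
# double quotes, so it is matched greedily up to the trailing user="..." field.
LINE_RE = re.compile(
    r'^level="(?P<level>[^"]*)" nas="(?P<nas>[^"]*)" action="(?P<action>[^"]*)" '
    r'status="(?P<status>[^"]*)" msg="(?P<msg>.*)" user="(?P<user>[^"]*)"$'
)
ADDED_RE = re.compile(r'^Added Remote LDAP User: (?P<name>\S+)$')
ASSIGNED_RE = re.compile(
    r'^Successfully assigned token to (?P<name>\S+) \(rule: (?P<rule>[^)]+)\) .* '
    r'with FortiToken Mobile \("(?P<serial>[^"]+)"\) token-based authentication\.$'
)

def audit_sync(lines):
    """Return (assigned, missing, unparsed).

    assigned: user -> token serial; missing: users added by the sync with no
    token assignment logged; unparsed: lines that did not match the layout.
    """
    added, assigned, unparsed = set(), {}, []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # surface format drift instead of hiding it
            continue
        if (a := ADDED_RE.match(m["msg"])):
            added.add(a["name"])
        elif (t := ASSIGNED_RE.match(m["msg"])):
            assigned[t["name"]] = t["serial"]
    return assigned, sorted(added - assigned.keys()), unparsed

# Two lines copied from the log above, plus one constructed line for a
# hypothetical user "jdoe" who was imported but has no token assignment logged.
SAMPLE = '''\
level="information" nas="" action="Add" status="" msg="Successfully assigned token to matanaskovic (rule: TAC-SUPP) @ DC-boss (10.0.0.100) with FortiToken Mobile ("FTKMOB0A8ABCXZY!") token-based authentication." user="matanaskovic"
level="information" nas="" action="Add" status="" msg="Added Remote LDAP User: matanaskovic" user="admin"
level="information" nas="" action="Add" status="" msg="Added Remote LDAP User: jdoe" user="admin"
'''

if __name__ == "__main__":
    ok, missing, bad = audit_sync(SAMPLE.splitlines())
    print("assigned:", ok)
    print("added without token:", missing)
    print("unparsed lines:", len(bad))
```

The log entries include token serial numbers and a partially masked activation code, so handle exported copies accordingly.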