Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
ManpreetSingh
Staff
Staff

Created on ‎09-20-2024 01:13 AM Edited on ‎12-19-2024 10:12 PM By Community Manager

Article Id 342667

Technical Tip: How to configure FortiAuthenticator (FAC) Windows Agent for 2FA Login Using REST API on Windows Devices

Description This article describes how to configure FortiAuthenticator (FAC) to use the REST API for two-factor authentication (2FA) during Windows logins through the FortiAuthenticator Windows Agent.
Scope FortiAuthenticator.
Solution

Step 1: Enable REST API access on the FortiAuthenticator interface.

 

image.png

 

Step 2: Create an API Key for REST API Authentication.

Create an admin account with Full Permission (manual token will not work if assigned with another profile) and enable web service.

 

image (8).png

 

image.png

 

Step 3: Enable 2FA for the users and assign a FortiToken.

Go to Remote-user -> Enable OTP Authentication -> Select FortiToken -> Mobile -> Select the token.

 

image.png

 

Step 4: Install the agent on the Windows device that requires 2FA and add FortiAuthenticator Window Agent configuration.

 

Open the FortiAuthenticator Window agen -> Select Configure and then add the FortiAuthenticator IP or FQDN, Rest API username, and Rest API key copied before.

 

image.png

 

image.png

 

993
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.