Description
This article describes the emergency token functionality.
Scope
FortiAuthenticator.
Solution
Emergency code is a feature available on FortiAuthenticator when the FortiAuthenticator Windows agent is used to log in to a Windows machine with OTP.
It is used to log in to a Windows machine when the user does not have internet access. To use this functionality, ensure Offline Token is configured on both the FortiAuthenticator and the FortiAuthenticator Windows agent.
After that, enable emergency codes under 'FAC' Agent Offline FortiToken support in Authentication -> User Account Policies -> Tokens. The validity of the emergency code can be set here.
Enable Emergency Code on the user under Authentication -> User Management -> Remote Users or Local Users. The code can be sent by email or SMS.
If the user does not have access to email or SMS, select Display Emergency Code to show the code on the FortiAuthenticator. Use this code as the OTP to log in to the Windows machine.
For the first login, use the FortiToken code provided by FortiToken Mobile. This is required for the feature to work, because this login injects the offline token and the emergency token. Ensure the machine can reach the FortiAuthenticator.
To confirm that the emergency token is available, check the Offline Tokens on the machine, which show the Validity Date.
Do not use the FortiAuthenticator agent to simulate authentication with an emergency token. The result is always a failure, which is normal.
Log in to the machine and always use the emergency token. When the user logs in to the machine again using the FortiToken code provided by the FortiToken Mobile application, the emergency token is disabled.
Copyright 2024 Fortinet, Inc. All Rights Reserved.