FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
kiri
Staff
Article Id 395529
Description

This article describes how to provision a mobile FortiToken with a third-party 2FA app, such as Google or Microsoft Authenticator, when the FortiToken Mobile app cannot be used or enforced.


This method is an exception: end users should primarily use the FortiToken Mobile app. Push notifications are not supported with these Tokens.

Scope

FortiAuthenticator v6.6.3 and newer, Mobile FortiToken.
Solution
  1. Adjust provisioning settings: Under System → Auth → User Account Policies → Tokens, change FortiToken Mobile Provisioning Time Step from the default 60 sec to 30 sec. This is a global setting, and all provisioned tokens will use 30 sec going forward.

 


 

  2. Switch the token to third-party provisioning mode. This requires a couple of General API calls, as shown below.
  • Retrieve the ID of a user:

 

curl -k -v -u "api-adm:NlLLwXApSkRCrmrkg3TYV" -H 'Accept: application/json' "https://10.5.20.234/api/v1/localusers/?format=json&username=test_user3"

 

  • Example response snippet:

..."id": 95,..."username": "test_user3"}]}

 

  • With the user ID, provision a token serial number (SN):

 

curl -k -v -u "api-adm:NlLLwXApSkRCrmrkg3TYV" -X PATCH -d '{"token_type":"ftm","token_auth":"true","token_serial":"FTKMOB444A28C1E8"}' -H 'Content-Type: application/json' "https://10.5.20.234/api/v1/localusers/95/?returnseed=2"

 

  3. Verify token provisioning in the FortiAuthenticator admin GUI: Navigate to System → Auth → User Mgmt → Local Users. The Activation delivery method should now be Third-party app.

 


 

  4. Select Validate Token to confirm the setup.
  5. Provision with Google or Microsoft Authenticator:
  • Scan the QR code to complete the setup.
  • Alternatively, if QR code provisioning is not possible, use the Token SN as the account name and the Activation Code as the key/seed/secret to manually provision it.

 


 

  6. Activate the token: Enter the generated code and select 'Submit'. Scroll down and select 'Save'.

 


 

  7. Check Auth → User Mgmt → FortiTokens. The token status is now Assigned:


FTKMOB444A28C1E8 FortiToken Mobile (3rd-party app) Assigned 2025-06-09T08:04:30 Local: test_user3 TOTP 6 -1 30
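
To check independently that a third-party app is producing codes with the 6-digit, 30-second parameters set up above, the following added example (not part of the original article or of any Fortinet tooling) computes RFC 6238 codes and reports which time step a given code matches. It assumes the Activation Code is a Base32 seed and that HMAC-SHA1 is used; the function names and the sample seed (the RFC 6238 test key) are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample: Base32 of the RFC 6238 test key, not a real token seed.
# Assumption: the Activation Code typed into the app is a Base32 seed.
SAMPLE_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_seed(seed_b32: str) -> bytes:
    """Decode a Base32 seed, tolerating spaces, dashes, lower case and missing padding."""
    cleaned = seed_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(seed_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed algorithm) for Unix time `at`."""
    counter = max(int(at), 0) // step
    mac = hmac.new(decode_seed(seed_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def matching_step(seed_b32: str, code: str, at: float, steps=(30, 60), drift: int = 1):
    """Return the time step under which `code` is valid at time `at`, else None.

    Each candidate step is tried with +/- `drift` intervals of clock skew.
    None points to a wrong seed, a different algorithm, or skew beyond the window.
    """
    for step in steps:
        for skew in range(-drift, drift + 1):
            if hmac.compare_digest(totp(seed_b32, at + skew * step, step), code):
                return step
    return None


if __name__ == "__main__":
    now = time.time()
    print("30 s step:", totp(SAMPLE_SEED, now, step=30))
    print("60 s step:", totp(SAMPLE_SEED, now, step=60))
```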
