Description
This article describes how to resend activation codes for mobile FortiTokens registered on a FortiAuthenticator or FortiGate.
Useful links:
Fortinet Documentation.
Add FortiToken multi-factor authentication
User creation and token assignment
Token management, creation and import
Scope
FortiAuthenticator.
Solution
FortiAuthenticator can be used to assign mobile FortiTokens (and hardware tokens) to users instead of FortiGates, meaning that the same user can use the same token across multiple FortiGates.
When mobile tokens are assigned to a user, this should trigger an authentication code being sent via SMS or email, depending on the FortiAuthenticator configuration and user information.
The user then has a few hours to activate the token with the code before it expires.
Should the activation code expire (or be deleted in the phone), a new activation code can be sent without needing to revoke and re-assign the token:
- Go to: Authentication -> User Management -> FortiTokens.
- Edit the token assigned to that user. It should be in a 'Pending' state.
- Select 'Re-start Activation'.
- A new activation code will be sent.
- Go to: User & Device -> User Definition.
- 'Right-click' on the user.
- Select 'Send Activation Code'.
- A new activation code will be sent.
Ornstein-kvm40 (local) # edit "guest"
Ornstein-kvm40 (guest) # show
config user local
edit "guest"
set type password
set two-factor fortitoken
set fortitoken "FTKMOB162CE428C5"
set email-to "sadsadad@edadasd"
set passwd ENC YRaEoEEs7En1v5NnwLRkpXn5llmVD4un83V8CijzYTOV5ka9IhB/gcTE/qEceiZn03jvpno4**bleep**72CWaDZQxSbj894mdhy0czE/uLjs8SS9VLRm9xyV7TVJBVLxwdPATZDpd8JC+XsiNzeNyPdu0nYX5DP6cB4IvCBNC6XIBKbV5bs5/cu7ge8pg0kqjKJ2FhDui3w==
next
end
Note:
Now it is also possible to assign the cloud Token by a 'right-click' on the user. Previously in older versions, this option was not available. Users must have a valid email address in the configuration.
