If multiple hardware tokens are needed to be added at once, it is possible to activate all the tokens in a single import using the seed file.

If running on v7.6.3, v7.6.4, and v7.6.5 and activating the hardware tokens using the serial number returns with 'cmdb save error' status, a workaround is to use the seed file to import the tokens.

The token seed file can be obtained by contacting Fortinet Customer Service following this guide: Technical Tip: Process for requesting token seed files for hardware FortiTokens.

Once the seed file has been provided, activate the hardware tokens on the FortiGate GUI:

1. Go to User & Authentication -> FortiTokens.

2. Under Local tokens -> Create New -> Select Type as Hard Token -> Import.

3. Select the Seed File and upload the provided seed file.

To import via the FortiGate CLI with a TFTP server:

execute fortitoken import tftp <file-name> <tftp-server>

To import via the FortiGate CLI with FTP server:

execute fortitoken import ftp <file-name> <ftp-server> <user> <password>

Post-Import steps (Common to All Methods):

Assign the token: Edit a user in User & Authentication -> User Definition -> Enable Two-factor Authentication -> Select the FortiToken.
Verify: Check User & Authentication -> FortiTokens for status (Assigned, drift/time sync, etc.).
Use the diagnostic command 'diag fortitoken info' to check status.

Related article:

Technical Tip: Resolving CMDB save errors for hardware FortiToken on FortiGate