Description
This article describes how to create a user with SMS-based two-factor authentication on FortiGate. The option is not available in the GUI by default, and the setting must be configured from the CLI as follows.
Scope
FortiGate.
Solution
- The option is not available in the GUI by default.
- Configure a user with a two-factor option from the CLI.
config user local
edit test
set two-factor sms
set sms-server <fortiguard | custom>
set sms-phone <phone number of user>
end
end
Note:
Make sure to configure the sms-server and sms-phone options; otherwise, it will not let save the config, and the 'SMS based two-factor authentication' option will not show in GUI. For the sms-server, it is possible to use FortiGuard, or define a custom SMS server under these settings:
config system sms-server
edit <provider> (provider name or any name)
set mail-server <server_name> (provider domain)
end
- The option becomes available in the GUI after the CLI setting is configured.
Note:
In FortiGate v7.2, 7.4, and v7.6, the SMS option is directly available on the GUI. No need to enable it on the CLI:
Make sure that if the SMS as a 2FA is used, a license is required.
Related articles:
