Note:

This article assumes that there is administrative access or equivalent access to the FortiGate at the time of deleting the existing token from the mobile device.

1. Delete the existing token from the FortiToken mobile app: Open the app on the Android/iPhone. Then, select the three dots located in the top right corner.

2. Select Manage and press the red X next to the FortiToken Serial Number.

3. At this stage, the FortiToken Serial Number has been removed from the FortiToken app. Go to User & Authentication -> User Definition to send the email to receive the QR code to register the FortiToken in the new device.

4. Once the user has been selected, select 'Send Activation Code Email'.

5. If FortiGate fails to send the activation code email, disable the 'Two-factor Authentication' toggle button and re-enable it. Choose the same or another available FortiToken, and get the email.
   
6. Open the QR code file in the FortiToken app on the new phone and scan the given QR code. The token should have been migrated to the new phone device:

Additional note:

There are instances when FortiAuthenticator is used instead of FortiGate for remote authentication. As such, if the remote user wants to migrate a mobile FortiToken from an old phone to a new one on FortiAuthenticator, not FortiGate, navigate to Authentication -> User Management -> Remote Users -> Enable One-Time Password (OTP) authentication -> FortiToken -> Mobile > Email on FortiAuthenticator, as shown below:

Open a TAC case if further assistance is required.