FortiGate
carabhavi
Staff
Article Id 195678

Description


This article describes how to import LDAP users into FortiGate and apply a two-factor email token via the CLI.

 

Scope

 

FortiGate.


Solution

 

Import the user into the FortiGate from the GUI.

To import users from LDAP, follow these steps:

  1. Go to User & Devices -> User Definition and select 'Create New'.
  2. On 'User Type', select 'Remote LDAP user' and select 'Next'.
  3. On 'LDAP Server', select the LDAP server name and select 'Next'.
  4. Select the user, select '+ Add Selected' and select 'Submit'.


 
Once the user is imported, it is possible to enable the two-factor email token via the CLI:
 
config user local
    edit TestUser
        set two-factor email
        set email-to "example@example.com"
        set ldap-server "LdapName"
    next
end

To prevent users from authenticating against LDAP directly and bypassing the two-factor email token, use the command
'set username-sensitivity disable' under user settings. Refer to Technical Tip: Description of CVE-2020-12812 (bypassing two-factor authentication for LDAP users) an... for more information.
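
One way to check a configuration backup for LDAP users that have two-factor enabled but lack 'set username-sensitivity disable' is sketched below. This is an added example, not Fortinet code; the function names and the sample configuration are constructed for illustration, and it assumes that a user entry without the line has not had the setting disabled.

```python
# Constructed sample of a 'config user local' section (not from a real device).
SAMPLE_CONFIG = '''\
config user local
    edit "TestUser"
        set two-factor email
        set email-to "example@example.com"
        set ldap-server "LdapName"
    next
    edit "HardenedUser"
        set two-factor email
        set email-to "hardened@example.com"
        set username-sensitivity disable
        set ldap-server "LdapName"
    next
    edit "LocalOnly"
        set type password
    next
end
'''

def parse_local_users(text):
    """Return {username: {setting: value}} for the 'config user local' block."""
    users, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config user local":
            in_block = True
        elif not in_block:
            continue
        elif line == "end" and current is None:
            in_block = False          # end of the user table itself
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            users[current] = {}
        elif line == "next":
            current = None
        elif current and line.startswith("set "):
            _, key, *rest = line.split(None, 2)
            users[current][key] = (rest[0] if rest else "").strip('"')
    return users

def users_missing_hardening(text):
    """LDAP-backed users with two-factor on but username-sensitivity not disabled."""
    flagged = []
    for name, cfg in parse_local_users(text).items():
        has_2fa = cfg.get("two-factor", "disable") != "disable"
        if has_2fa and "ldap-server" in cfg and cfg.get("username-sensitivity") != "disable":
            flagged.append(name)
    return flagged
```

Calling users_missing_hardening() on the text of a saved configuration returns the user names that still need the setting applied.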