Description
This article describes how to move FortiToken Mobile between VDOMs.
Scope
FortiToken.
Solution
- Ensure the FortiToken mobile to move is not assigned to any user.
- Note down the Serial Number of the FortiToken to move to a different VDOM.
- Delete the token from the current VDOM using the following CLI commands.
config vdom
edit <source_vdom_name>
config user fortitoken
delete <FortiToken_Serial_Number>
end
end
-
Import the FortiToken to the new VDOM using the below CLI commands.
conf vdom
edit <destination_vdom_name>
conf user fortitoken
edit <FortiToken_Serial_Number>
end
end
-
Once FortiToken Mobile has been moved to a new VDOM, it will be possible to assign it to users in the new VDOM, as usual, using either GUI or CLI.
conf user local
edit vpn_user
set email-to <user_email_address>
set two-factor fortitoken
set fortitoken <FortiToken_Serial_Number>
next
end
In this example, FortiToken Mobile with serial number FTKMOB8A1020XXXX will be moved from VDOM 'root' to VDOM 'test'. User 'vpn_user' will be then created and assigned to the migrated FortiToken FTKMOB8A1020XXXX.
config vdom
edit root
config user fortitoken
delete FTKMOB8A1020XXXX
end
end
conf vdom
edit test
conf user fortitoken
edit FTKMOB8A1020XXXX
end
end
conf user local
edit vpn_user
set email-to user@example.com
set two-factor fortitoken
set fortitoken FTKMOB8A1020XXXX
next
end
Note:
In the case there is no SMTP server configured for FortiToken activation code delivery, the activation code is stored in CLI and visible with:
show user fortitoken <FortiToken_Serial_Number> | grep activation-code
