Technical Tip: Removing old FortiToken references from users in bulk

rishab444 · ‎01-27-2025

Description

This article describes how to remove all previous FortiToken references from the users through a script which is essentially helpful in case of RMA when Tokens need to be moved to a new device.

Scope

FortiGate

Solution

Open CLI on FortiGate and access the user list using Fortitoken:

config user local
show | grep -f fortitoken
Copy all the users listed and paste it on Notepad++. The users can be local or remote:
On Notepad++, Access Search -> Replace or Press 'CTRL + H ' and select 'Regular expressions' Search Mode as below:
Replace <set two-factor> with <unset two-factor> as:

Result:

Replace all other lines with a space, leaving the 'Replace with' field empty using the below Regular expressions in the 'Find What' field.

Regular Expression:

set fortitoken "FTKMOB[A-Za-z0-9]{<No. of characters following FTKMOB>}"

Example:

set fortitoken "FTKMOB[A-Za-z0-9]{10}"

After Replacement:

Regular Expression:

set email-to "([^"]*)"

Regular Expression:

set passwd-time.*$

Regular Expression:

set passwd.*$

Remove all the empty lines using the below Regular Expression:

^\s*\r?\n

New Lines.PNG

Remove 'show | grep -f fortitoken' and copy the remaining resulting script and run on the CLI. This will keep the users intact and just disable the FortiToken assigned to each user. The users can now be reassigned the FortiTokens as per the availability and requirements.

Technical Tip: Removing old FortiToken references from users in bulk

You are leaving our website