Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mflamingos
Staff
Staff

Created on ‎03-09-2016 11:39 AM Edited on ‎03-19-2025 12:24 AM By Community Manager

Article Id 194933

Technical Tip: How to Transfer a Mobile Token to a New Phone or Reassign it to a Different User

Description

 

This article explains how to transfer a FortiToken Mobile to a new phone when a user gets a new device or if their phone is lost or stolen. Additionally, it covers the process of reassigning a FortiToken previously assigned to one user, enabling it to be reused by another user.
 
Scope
 
FortiToken Mobile.


Solution

 

The following steps will permit the transfer of the mobile token to the new phone:
 
For Local User:
  1. Go to User & Authentication -> User Definition and select the user who needs to transfer the token and select 'Edit'.
  2. Disable Two-factor Authentication and select OK. The token will be removed from the user's Two-factor authentication column. The user will also be removed from the token's User column, under User & Authentication -> FortiTokens.
  3. Edit the user again and re-enable 'Two-factor Authentication' with FortiToken as shown below. 
  4. After selecting 'OK', the user should receive an email with the activation code.
 
axscdc.PNG

 

asdad.PNG

 

  1. Check again under User & Authentication -> FortiTokens, the status should now be 'pending'.

 

For Administrator: 

  1. Log in to FortiGate with a super admin account and modify the desired admin account. Browse to System -> Administrators and edit the admin user, then disable the Two Factor authentication.

 

already assigned user.png

 

  1. Confirm that it has been removed. The token will be removed from the admin user's Two-factor authentication column as well as from the token's User column, under User & Authentication -> FortiTokens.
  2. Under System -> Administrators, edit the admin user and re-enable the Two-factor authentication.

 disable2fa.png

 

enabled2fa.png 

  1. Enter the mandatory information and save by selecting 'OK'. It should send an email with a QR code.  If an error message is seen, run the following commands on the FortiGate unit:

 

execute fortitoken-mobile provision <serial-number>
execute fortitoken-mobile renew <serial-number>

 

The activation code will expire after a configurable time period. To configure this time period for FortiToken Mobile tokens (in hours), use the FortiGate CLI.

 

config system global

    set two-factor-ftm-expiry <1-168>

end

 

This value is in hours. Default value = 72.

 

If an activation code email is not being sent, refer to this article to collect debugs: Troubleshooting Tip: Email alert

 

Related articles:

Deactivating a FortiToken - FortiToken documentation.

Configuring FortiTokens - FortiToken documentation.

Technical Tip: FortiGate is not sending a FortiToken activation code

Troubleshooting Tip: Get FortiToken Mobile activation code when activation email is not received

Technical Tip: FortiToken basic troubleshooting

Troubleshooting Tip: FortiToken not showing up when trying to assign it to user  

72204
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.