saleha
Staff & Editor
Article Id 348898
Description This article describes recommendations for when assigning a new user in the FortiCloud portal fails because the quota limit has been reached while tokens are still available in the pool.
Scope FortiGate - FortiToken Cloud
Solution

Check if the license is active by selecting the 'License' option on the FortiCloud portal.

 

After confirming the license is active, make sure the FortiGate has sync with the FortiToken-Cloud portal enabled under global settings:

 

config system global

    set fortitoken-cloud enable

end

 

The next step is to check if the sync is working and view the status of the licenses on the FortiGate:

 

execute fortitoken-cloud show

 

Next, enable the FortiToken-Cloud debug on the FortiGate and then assign a token to a user account, as in the example below:

 

diag fortitoken-cloud debug enable

diagnose debug enable

 

Adding a user:

 

execute fortitoken-cloud new <username> <remote or local> <vdom>

 

Example of a possible error:


Failed to add user testuser due to reason(403): "Error ID: 1de7d9cb-6ff0-400b-a338-aeed294ba011, The customer <customer id> run out of resource users quota, total: 3, used: 3, please verify your account's license status at https://ftc.fortinet.com.".
Unable to add user testuser in FortiToken Cloud service
object set operator error, -7710 discard the setting
Command fail. Return code -7710

 

If the server status is good and the debug only shows that the quota has been reached while more users are still available on the same license, it is reasonable to suspect an issue on the FortiToken-Cloud portal:


FortiToken Cloud service status: licensed, service ready.
Service balance: 22.00 users. Expiration date: yyy-mm-day. Customer ID: <ID number>.
FortiToken Cloud account number of users: 3, max number of users: 25.

 

One possible cause is the realm configuration on the portal: the 'shared-quota setting' may have been disabled, in which case a lower number of tokens may have been assigned to the FortiGate realm. For more information regarding realm settings on the FortiToken-Cloud portal, see Manage realms.
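
The comparison described above can be scripted against saved CLI output. This is an added example, not Fortinet code: it parses the 403 debug message and the status output in the formats shown in this article and reports when the quota that rejected the user is smaller than the account-wide maximum. The function name and verdict strings are hypothetical, and treating the error's 'total' as the realm's quota is an assumption based on the possible cause given above.

```python
import re

# Sample text constructed from the message formats shown in this article.
DEBUG_ERROR = (
    'Failed to add user testuser due to reason(403): "Error ID: '
    '1de7d9cb-6ff0-400b-a338-aeed294ba011, The customer <customer id> run out of '
    'resource users quota, total: 3, used: 3, please verify your account\'s '
    'license status at https://ftc.fortinet.com.".'
)
STATUS = """FortiToken Cloud service status: licensed, service ready.
Service balance: 22.00 users. Expiration date: yyy-mm-day. Customer ID: <ID number>.
FortiToken Cloud account number of users: 3, max number of users: 25.
"""

QUOTA_RE = re.compile(r"reason\((\d+)\).*?users quota, total: (\d+), used: (\d+)", re.S)
ACCOUNT_RE = re.compile(r"account number of users: (\d+), max number of users: (\d+)")
BALANCE_RE = re.compile(r"Service balance: ([\d.]+) users")


def diagnose(debug_text, status_text):
    """Return (verdict, details) comparing the rejected quota with the account pool."""
    quota = QUOTA_RE.search(debug_text)
    account = ACCOUNT_RE.search(status_text)
    balance = BALANCE_RE.search(status_text)
    if not quota or not account:
        return "unparsed", {}
    details = {
        "http_status": int(quota.group(1)),
        "quota_total": int(quota.group(2)),
        "quota_used": int(quota.group(3)),
        "account_users": int(account.group(1)),
        "account_max": int(account.group(2)),
        "balance": float(balance.group(1)) if balance else None,
    }
    if "service status: licensed" not in status_text:
        return "check-license", details
    exhausted = details["quota_used"] >= details["quota_total"]
    if exhausted and details["quota_total"] < details["account_max"]:
        # The quota that rejected the user is smaller than the account-wide pool:
        # review the realm settings (shared quota) on the portal.
        return "realm-quota-below-account-pool", details
    if exhausted:
        return "account-pool-exhausted", details
    return "no-quota-problem", details


if __name__ == "__main__":
    print(diagnose(DEBUG_ERROR, STATUS))
```
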