FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
farhanahmed
Staff
Article Id 417985
Description This article describes how to send or resend the FortiToken activation email for a FortiGate user from FortiManager.
Scope FortiManager, FortiGate, FortiToken.
Solution

When FortiGate users and FortiTokens are managed in the FortiManager ADOM database (Policy & Objects), the FortiToken activation email cannot be sent or resent from there directly.

 

The solution is to use a FortiManager script.

 

In FortiManager, go to Device Manager -> Scripts -> Create New, set the script to run on 'Remote FortiGate Directly (via CLI)', and use the matching command below:

 

  • For Mobile Token:

 

execute fortitoken-mobile renew <FortiToken-Serial>

 

  • For Hardware Token:

 

execute fortitoken activate <FortiToken-Serial>

 

To manually check the FortiToken activation code (it can be found in the FortiGate CLI only), use a Tcl script to fetch it from the FortiGate:

 

Enable the Tcl script option in FortiManager:

 

config system admin setting

(setting) set show_tcl_script enable

(setting) end

 

Go to Device Manager -> Scripts, select type TCL Script and select 'Create new'.

 

Create the following TCL script:

 

#! /usr/bin/tclsh

# --- user options ---
set vdom "root" ;# default set to 'root', change if needed
set token_serial "" ;# e.g. "FTK20B0XXXXX"; leave empty to show all
# ---------------------

proc do_cmd {cmd} {
    # Send the command and wait for '#' prompt
    puts [exec "$cmd\n" "# "]
}

# Get system status with a 15s timeout
set status [exec "get system status\n" "# " 15]

# Detect VDOM status
if {[regexp {Virtual domain configuration: disable} $status]} {
    set vdom_enabled false
} else {
    set vdom_enabled true
}

# Enter VDOM if enabled
if {$vdom_enabled} {
    do_cmd "config vdom"
    do_cmd "edit $vdom"
}

# Show FortiToken configuration (optionally filtered by serial)
if {$token_serial eq ""} {
    do_cmd "show full-configuration user fortitoken"
} else {
    do_cmd "show full-configuration user fortitoken $token_serial"
}

return
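
The script output ends up in the FortiManager script log, activation codes included. The following added example (not part of the original article and not Fortinet code) parses that output to read the code for one serial and masks the secret values before the log is attached to a ticket. The sample log, serials and codes are constructed, and the field names `activation-code` and `seed` are assumed from the FortiOS `config user fortitoken` table.

```python
import re

# Constructed sample of the script log; serials and codes are made up.
SAMPLE_LOG = '''\
FGT (root) # show full-configuration user fortitoken
config user fortitoken
    edit "FTKMOB0000000001"
        set status active
        set comments ''
        set activation-code "ABCD1234EFGH5678"
        set activation-expire 1767225600
    next
    edit "FTKMOB0000000002"
        set status lock
        set activation-code ''
        set activation-expire 0
    next
end
'''

def parse_fortitokens(log_text):
    """Return {serial: {field: value}} from the 'config user fortitoken' block.
    Hypothetical helper name; not a FortiManager or FortiOS API."""
    tokens, current, in_table = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "config user fortitoken":
            in_table = True
        elif not in_table:
            continue                      # prompt echo and other log noise
        elif line == "end":
            in_table = False
        elif (m := re.fullmatch(r'edit "?([^"\s]+)"?', line)):
            current = tokens.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r"set (\S+)\s*(.*)", line)):
            current[m.group(1)] = m.group(2).strip("\"'")
    return tokens

def redact(log_text):
    """Mask activation codes and seeds so the log can be shared safely."""
    return re.sub(r"(set (?:activation-code|seed) ).*", r"\1<redacted>", log_text)

if __name__ == "__main__":
    for serial, fields in parse_fortitokens(SAMPLE_LOG).items():
        has_code = "yes" if fields.get("activation-code") else "no"
        print(f"{serial}: status={fields.get('status')} code-present={has_code}")
    print(redact(SAMPLE_LOG))
```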

 


 

Related documents:

Scripts

Technical Tip: FortiToken email activation via FortiGate shows Failed to send activation code error