FortiToken Mobile is an application for iOS or Android that acts like a hardware token but utilizes hardware the majority of users possess, a mobile phone.
Certain models of hardware FortiToken can be purchased and used as a generic hardware token in other authentication platforms such as Okta, Duo, Azure, etc.
In order to use a hardware FortiToken in another the token seed file must be obtained from Fortinet Customer Service. This article describes what is needed to obtain the seed file for the hardware tokens.
Scope
Hardware FortiTokens.
Solution
Purchase a compatible hardware FortiToken.
Consult the local Fortinet sales team or Fortinet partner on what hardware tokens options are currently available.
Once hardware Tokens are received, open a ticket with Fortinet Customer Service (CS) with the following:
Express desire to obtain the seed files for hardware FortiTokens.
List of FortiToken serial numbers.
Purchase/Sales order number.
Reach out to the Fortinet partner or local Fortinet sales team for this if needed.
Once validated, CS will ask which format to provide the seed files in. As of the time this article was last updated, the available formats include:
Okta.
Duo.
MS Azure.
Centrify.
FortiGate/FortiAuthenticator FTK200CD.
CS will generate the seed file and it will be automatically generated and sent via email by the system
The email subject title will be 'Your FortiToken Seed File has been created for [chosen format]'
Attachment will be in the email and is a Zip File that is password protected
Check Spam/Junk folders if the email is not being received
Since the email is system-generated, it may take some time to arrive
Once the seed file is delivered call in to the support line to verbally receive the password for the zip file. The password will not be provided via email.
Unzip the file to access the the actual seed file which contains the secret key for each token.
A compatible unzipping utility (such as 7-Zip) may be required to provide the password during the unzipping process
There may be an error if trying to use the built-in unzipping utility in Microsoft Windows
macOS natively should be able to unzip the file and allow the user to provide the password
This info can can now be uploaded to the authentication platform of choice
Be aware:
Fortinet notes that by making FortiToken seed files available through this service, Fortinet is complying with the request and disclaims any later changes related to this FortiToken. If the FortiToken is used in a third party MFA server, Fortinet is not responsible for any support related to such changes. Fortinet disclaims in full any guarantees or liability related to the requested change as it is outside the scope of the intended use of FortiToken. Fortinet further disclaims any liability for damages directly or indirectly caused by operating the tokens in a production environment in a third party MFA server.
