Hello,
On Forti Authenticator we are sending vpn token through sms to our users, we have 1.100 users on the system, sometimes sms provider goes down and we have to change "Deliver token code by" setting to email manually for all users, as you can imagine it takes long time, i was wondering is there any CLI or API method to change "Deliver token code by" setting for all user at once?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 12-04-2022 02:57 AM Edited on 12-04-2022 03:50 AM
Nice, you managed to brake the first barrier.
Next, you would have to loop through all the users either in Postman or with a Python script.
The URL should be something like below (if Postman is used) where the variable is passed from a list/array with all the users in question, which you got from the previous command, GET.
https://10.0.0.112/api/v1/ldapusers/{{user}}/
L.E. sorry I cant give you more exact examples of what should be done, i'm struggling to get any results returned on my end
Hi,
You could try and reiterate through the API to change/UPDATE the token type for the users.
Here's the doc for LDAP users, assuming they are imported from it.
Did not tried this myself, but it's worth a try.
Thanks i'll take a look
the problem is it returns 403 forbidden no matter what i do, i've followed instructions and enabled webservices for specific user, created and received secret key, tried with postman and curl but result is the same, what am i missing here?
What URL and it which params are you running it ?
Created on 12-02-2022 12:04 PM Edited on 12-02-2022 12:43 PM
My authenticator's ip address is : 10.0.0.112 / guest.mydomain.com
i've tried with below commands ;
curl -k -v -u "myuser:mysecret" https://10.0.0.112/api/v1/?access_token=mysecret&format=json : returns 403
curl -k -H -- "Authorization: Bearer mysecret" "https://10.0.0.112/api/v1/?format=json?access_token=mysecret" : returns 403
Web service access is enabled (please see attached screenshots)
Domain,Username & secret blured and hidden due to security concerns.
I get
{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []}
Something is not working, but I'm too tired to dig rn, in the next days.
I hope you rest well man :) Thanks for your time, looking forward to hearing from you
Created on 12-02-2022 01:44 PM Edited on 12-02-2022 01:45 PM
i've progress :)
This settings were disabled so i assume this was causing to forbidden error;
Now enabled it and 403 is gone, but now getting "An error has occured error"
Update : made it worked on postman :)
Using basic auth instead of Oauth2 make the trick, now i can get data from authenticator.
https://10.0.0.112/api/v1/ldapusers/7325425/
{
"token_type": "sms"
}
With above combination(PATCH) i can update user's token delivery method, what i couldn't be able to find is how i can apply this to all 1.100 users at once, i've tried;
https://10.0.0.112/api/v1/ldapusers/
https://10.0.0.112/api/v1/ldapusers/*/
https://10.0.0.112/api/v1/ldapusers/%/
didn't worked, and couldn't find related information in manual, what is the joker character for all users?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.