Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Korozo
New Contributor II

Authenticator Token Delivery Method Bulk Change

Hello,

On Forti Authenticator we are sending vpn token through sms to our users, we have 1.100 users on the system, sometimes sms provider goes down and we have to change "Deliver token code by" setting to email manually for all users, as you can imagine it takes long time, i was wondering is there any CLI or API method to change "Deliver token code by" setting for all user at once?

1 Solution
funkylicious

Nice, you managed to brake the first barrier.

 

Next, you would have to loop through all the users either in Postman or with a Python script.

The URL should be something like below (if Postman is used) where the variable is passed from a list/array with all the users in question, which you got from the previous command, GET.

 

 

 

https://10.0.0.112/api/v1/ldapusers/{{user}}/

 

 

L.E. sorry I cant give you more exact examples of what should be done, i'm struggling to get any results returned on my end

 

geek

View solution in original post

geek
14 REPLIES 14
funkylicious
Contributor III

Hi,

You could try and reiterate through the API to change/UPDATE the token type for the users.

Here's the doc for LDAP users, assuming they are imported from it.

Did not tried this myself, but it's worth a try.

geek
geek
Korozo
New Contributor II

Thanks i'll take a look

Korozo
New Contributor II

the problem is it returns 403 forbidden no matter what i do, i've followed instructions and enabled webservices for specific user, created and received secret key, tried with postman and curl but result is the same, what am i missing here?

funkylicious

What URL and it which params are you running it ?

geek
geek
Korozo
New Contributor II

My authenticator's ip address is : 10.0.0.112 / guest.mydomain.com

i've tried with below commands ; 

 

curl -k -v -u "myuser:mysecret" https://10.0.0.112/api/v1/?access_token=mysecret&format=json : returns 403
curl -k -H -- "Authorization: Bearer mysecret" "https://10.0.0.112/api/v1/?format=json?access_token=mysecret" : returns 403

 

Web service access is enabled (please see attached screenshots)

006.png007.png008.png

009.png

Domain,Username & secret blured and hidden due to security concerns.

funkylicious

I get

{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []}

 

Something is not working, but I'm too tired to dig rn, in the next days.

geek
geek
Korozo
New Contributor II

I hope you rest well man :) Thanks for your time, looking forward to hearing from you

Korozo
New Contributor II

i've progress :)

This settings were disabled so i assume this was causing to forbidden error;

001.png

Now enabled it and 403 is gone, but now getting "An error has occured error"

002.png003.png

004.png

Korozo
New Contributor II

Update : made it worked on postman :)

Using basic auth instead of Oauth2 make the trick, now i can get data from authenticator.

 

https://10.0.0.112/api/v1/ldapusers/7325425/

 

{
"token_type": "sms"
}

With above combination(PATCH) i can update user's token delivery method, what i couldn't be able to find is how i can apply this to all 1.100 users at once, i've tried;

https://10.0.0.112/api/v1/ldapusers/

 

https://10.0.0.112/api/v1/ldapusers/*/
https://10.0.0.112/api/v1/ldapusers/%/

didn't worked, and couldn't find related information in manual, what is the joker character for all users?

Labels
Top Kudoed Authors