I couldn't find any article clearly saying either "not possible" or "how to do it" online so far. But most of our FortiToken Mobile users who tried migrating from an old phone to a new phone told me a migration didn't work. So we always reactivate a token again.
Recently one iPhone user who tried to migrate to a new iPhone told me the migration itself worked and she could use the 6-digit token code to get connected from the new phone. However, she never be able to get a push-notification.
I found one discussion at Stackoverflow saying it involves a certificate and the "transfer" option at the app doesn't transfer it. But again, I couldn't find any from FTNT backing up the claim.
Is it possible transfering FTM app w/ assigned tokens to a new phone with ability to get a notification? And if so, how should we do it?
Thanks,
Toshi
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I got excellent support from TAC. Arguably one of the bests for last 15 years.
First, this transfer process between FTMs and FortiCare/FortiGuard and FAC with the latest FAC versions like 6.4.8 and 6.5.3 is described in the admin guide:
https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/911252/tokens
The exact situation my two phones had fell into was the token(s) was transferred to the new phone but the notification was still sent to the old phone because I transferred it back to the original phone before FAC's next 5 min interval FTM polling happens. To avoid this from happening, I could have click "Refresh FTM" button in FAC's Authentication->User Management->FortiTokens page. The token status was apparently still "Pending" when I triggered the 2nd transfer.
Also the TAC person cleared my doubt about transferring Tokens from a deactivated phone. As long as it has internet connection via WiFi, it should work fine.
Toshi
Hello @Toshi_Esumi ,
Thank you for contacting the Fortinet Forum portal,
As suggested links by my colleague, you can use them they should show you the push notification as well.
Also, refer below links
the third-party article also shows similar steps
https://alamocolleges.screenstepslive.com/a/1519443-transferring-your-fortitoken-to-a-new-device
For troubleshooting push notification issue :
Hope all these links help further analysis.
Best Regards,
Manasa.
The FAC configuration to allow transfer seems to be what exactly I configured. But I didn't know the tranfer code would be sent out from the FAC not generated by the old phone's FTM app.
For the debugging method, I unfortunately don't have two smartphones to test a transfer, so I have to wait the next person who needs to do that and get cooperation to find out what is causing a tranfer to fail. This is not as easy as you would imagine. Without SSL VPN they can't do anything and want to get a new activation code re-sent right away, which we know always works. It requires a good luck to find someone who is very patient and who happens to need to have gotten a new phone.
Toshi
Not sure which platforms, but I did migration between Apple iPhone models 4S and 8 few years ago and it was surprisingly very smooth. As FortiToken Mobile app and all the tokens inside simply migrated via iCloud backup to the new phone and there was no need to do anything on any Forti* side.
Authentication kept working as expected.
Have no experience with Android platforms, or Android to Apple or vice verso migrations.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Created on 10-09-2023 09:01 AM Edited on 10-09-2023 03:02 PM
Hi @Toshi_Esumi
This feature is enabled on FAC and it is tested and everything works smoothly.
After hitting transfer, the user will receive a new email with a QR activation and after activation the authentication will work perfectly fine for the user as far as the Fortitoken SN will not be changed. User will still have the same Fortitoken SN.
BR
Finally, I decided to get another smartphone (iphone) to test this token transfer from an android phone myself. And transferring them back. Below screenshots were when I tranfered two tokens back to the android.
android FTM: 5.3.3.0086
iphone FTM: 5.4.3.0123
Those phones have different phone numbers.
1. Initiate a transfer at iphone
2. Then hit "OK" at iphone
3. I got a transfer activation email at this point, so tried activate it with android, then failed. I'm now guessing our users might have encountered this then gave up.
4. Finally I hit "Proceed" on iphone then scan the QR code again with android to complete the transfer
Now I'm confident it would work if both phones are active. But most transfers happen when users get a new phone to replace the old one. At that time, the old phone's cell service (phone number) is already transferred to the new phone.
Does this transfer process still work when the initiating phone doesn't have a cell service? Means, can this transfer be initiated over WiFi internet?
Toshi
Besides the question above, after I moved the tokens back to my Android, the push notification doesn't work any more, which similar to what was reported by one of users. My FTM app on the Android has another token with one of our FGTs for VDOM admin login. So I didn't uninstall and reinstall the app. That might be triggered this problem.
Since I have the environment to show, I'll open a TAC case for this part.
Toshi
I got excellent support from TAC. Arguably one of the bests for last 15 years.
First, this transfer process between FTMs and FortiCare/FortiGuard and FAC with the latest FAC versions like 6.4.8 and 6.5.3 is described in the admin guide:
https://docs.fortinet.com/document/fortiauthenticator/6.5.3/administration-guide/911252/tokens
The exact situation my two phones had fell into was the token(s) was transferred to the new phone but the notification was still sent to the old phone because I transferred it back to the original phone before FAC's next 5 min interval FTM polling happens. To avoid this from happening, I could have click "Refresh FTM" button in FAC's Authentication->User Management->FortiTokens page. The token status was apparently still "Pending" when I triggered the 2nd transfer.
Also the TAC person cleared my doubt about transferring Tokens from a deactivated phone. As long as it has internet connection via WiFi, it should work fine.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.