- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiAuthenticator: Disable Push Notification for Local Administrator Accounts
Hey everyone, hoping for your inputs on this.
From the title itself; we have local users that are administrators for FortiAuthenticator GUI/CLI. Tese local users have FTM attached/enable on them. We want to disable Push notifications for these users; requiring them to manually code-in the OTP
Appreciate any ideas/inputs
Solved! Go to Solution.
- Labels:
-
FortiAuthenticator v5.5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi FriedBacon,
I don't have a good answer, you might need some more breakfast with eggs though :)
You cannot disable the push by a click, that is only possible for the users that authenticate through radius policies.
The push however is just a connection from FortiAuthenticator to a proxy server we use, push.fortinet.com, and then to Apple/Google. Finally it pops up on the phone.
If you were to disable that connection, push messages would not be sent anymore - for any user.
If this is a way to go with - create on the FortiGate or firewall an address object for "push.fortinet.com" and a policy that is set to block traffic to that address object.
Best regards,
Markus
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi FriedBacon,
I don't have a good answer, you might need some more breakfast with eggs though :)
You cannot disable the push by a click, that is only possible for the users that authenticate through radius policies.
The push however is just a connection from FortiAuthenticator to a proxy server we use, push.fortinet.com, and then to Apple/Google. Finally it pops up on the phone.
If you were to disable that connection, push messages would not be sent anymore - for any user.
If this is a way to go with - create on the FortiGate or firewall an address object for "push.fortinet.com" and a policy that is set to block traffic to that address object.
Best regards,
Markus
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks @Markus_M this is what I was afraid of.
This honestly needs to be a feature; one such scenario this is needed is push notif is only enabled for users, but requiring admins of network devices to manually code-in the OTP
