FriedBacon
New Contributor II

FortiAuthenticator: Disable Push Notification for Local Administrator Accounts

Hey everyone, hoping for your inputs on this.
As the title says, we have local users that are administrators for the FortiAuthenticator GUI/CLI. These local users have FTM attached/enabled on them. We want to disable Push notifications for these users, requiring them to manually code-in the OTP.


Appreciate any ideas/inputs

1 Solution
Markus_M
Staff

Hi FriedBacon,

I don't have a good answer, you might need some more breakfast with eggs though :)

You cannot disable the push by a click, that is only possible for the users that authenticate through RADIUS policies.

The push however is just a connection from FortiAuthenticator to a proxy server we use, push.fortinet.com, and then to Apple/Google. Finally it pops up on the phone.

If you were to disable that connection, push messages would not be sent anymore - for any user.

If this is a way to go with - create on the FortiGate or firewall an address object for "push.fortinet.com" and a policy that is set to block traffic to that address object.

Best regards,

Markus
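
The block described in the answer above, written out as FortiOS CLI. This is an added example, not part of the original post: the object names, the interfaces `port2`/`port1` and the address `192.0.2.10` are placeholders, and scoping the source to the FortiAuthenticator host is an assumption.

```fortios
# Added example; names, interfaces and the IP below are placeholders.
config firewall address
    # The FortiAuthenticator itself (placeholder IP)
    edit "FAC-host"
        set type ipmask
        set subnet 192.0.2.10 255.255.255.255
    next
    # FQDN object for the push proxy named in the answer
    edit "FTM-push-proxy"
        set type fqdn
        set fqdn "push.fortinet.com"
    next
end

config firewall policy
    # edit 0 creates a new policy with the next free ID
    edit 0
        set name "Block-FAC-FTM-push"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "FAC-host"
        set dstaddr "FTM-push-proxy"
        set action deny
        set schedule "always"
        set service "ALL"
        # Log denied sessions so the block can be confirmed
        set logtraffic all
        set comments "Stops FTM push for every FortiAuthenticator user"
    next
end
```

FortiGate evaluates policies top-down, so this deny has to sit above any policy that would otherwise allow the FortiAuthenticator out to the internet. As the answer states, it stops push for every user, not only the administrators.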

FriedBacon
New Contributor II

Thanks @Markus_M, this is what I was afraid of.

This honestly needs to be a feature; one scenario where this is needed is when push notifications are only enabled for users, while requiring admins of network devices to manually code-in the OTP.
