FortiClient 2FA via E-Mail for LDAP Users

Florian12 · ‎08-23-2023

Hi, got the following situation:

Our FortiGate is connected to our AD. The users have corresponding groups on the AD and can sign in to the corresponding FortiClient connections. The users are NOT defined on the FortiGate, not as local and not as LDAP.

Now we would like to make them use 2FA in the FortiClient via e-mail, so without using FortiTokens, FortiAuthenticator or similar.

Is there any way to do this without having to create users on the FortiGate?

We are talking of at least 300 users, I'd say. Possibly even more.

Thanks for the help in advance!

rbraha · ‎08-23-2023

Hi @Florian12

Unfortunately this cant be possible the user database need to be present on FGT otherwise FGT cannot validate if the user has second factor authentication like FortiToken or email .

View solution in original post

rbraha · ‎08-23-2023

Hi @Florian12

Unfortunately this cant be possible the user database need to be present on FGT otherwise FGT cannot validate if the user has second factor authentication like FortiToken or email .

Florian12 · ‎08-24-2023

Hi @rbraha

Thanks for the quick response and the answer, that'll help a lot!

Have a nice day! :)

FortiClient 2FA via E-Mail for LDAP Users

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website