- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiGate FortiToken Mobile migrate to FortiAuthen...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiGate FortiToken Mobile migrate to FortiAuthenticator
Hi,
I got total 100 users with FortiToken Mobile and FortiGate. Now I plan to move to FortiAuthenticator.
Can I move 10 users to FortiAuthenticator and remain 90 users authenticate via Fortigate?
Labels:
- Labels:
-
6.4
- « Previous
-
- 1
- 2
- Next »
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi FortiTinker,
Hardware token models are sold in packs, but they do bare their own serial numbers and are independent units !
Therefore you can add and activate them on FortiGate via list of Serial Numbers (for example from purchase/delivery documents or made one manually) as a bulk operation.
But you can also add them one by one in FortiGate / GUI / User & Authentication / Fortitokens. Or in FortiAuthenticator. And split the purchased pack as you want. They are NOT bonded by any 'license' at all.
Bare in mind that every single HW FortiToken can be activated on one device only!
As "One-time Activation Lock" is then applied by FortiGuard (used by FortiGate/FortiAuthenticator for activation of the token) to protect "seed" which is ultra sensitive part of the token computation algorithm.
However same HW (in contrast to SW) token can be added and re-activated to multiple devices. But One-time Activation Lock has to be released first, and Fortinet's TAC support can help you with this via Technical Ticket.
Such re-activation does not affect performance and usability of the token on previous device. After lock release you, again, have just one activation attempt during which token seed will be locked again.
Lock applies during activation attempt and prevent any re-activation, even if it would be tried from very same FortiGate/FortiAuthenticator unit!
This lock does NOT apply to CD models as their seeds are delivered WITH tokens and are not stored anywhere online. Therefore activation of CD tokens is solely local task, and so those are solution for having tokens in "walled-garden" internal places where you would not be able to activate tokens as your device is not allowed to reach out even to FortiGuard).
Alternative to having HW tokens re-activated on multiple devices is to use centralized authentication via FortiAuthenticator. Having users and tokens on one place and for example via RADIUS from FortiGate authorize users through FortiAuthenticator.
Alternative to central management of HW tokens can be FortiToken Cloud.
This applies to HW models using TOTP (so FortiToken 300 {HW as well} are excluded).
Models we talk about:
- FortiToken 200 (older one EOS)
- FortiToken 200B (successor of 200 model)
- FortiToken 220
- respective "CD" variants of above so for example FortiToken 200BCD
More on Tokens in Data Sheet:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/fortitoken.pdf
More on IAM (Identity and Access Management):
https://www.fortinet.com/products/identity-access-management
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
- « Previous
-
- 1
- 2
- Next »
Related Posts
- FortiAuthenticator MFA - SAML 56 Views
- Permission denied. 255 Views
- 'Authentication failure' error - FortiGate admin... 227 Views
- Enabling proxy for FortiToken on FortiAuthenticator... 169 Views
- Multiples SSIDs with Radius FortiAuthenticator +... 214 Views
Labels
-
FortiGate
6,642 -
FortiClient
1,323 -
5.2
801 -
5.4
639 -
FortiManager
575 -
FortiAnalyzer
418 -
6.0
416 -
5.6
362 -
FortiSwitch
341 -
FortiAP
338 -
FortiClient EMS
270 -
6.2
251 -
FortiMail
250 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
154 -
6.4
128 -
FortiNAC
109 -
FortiGuard
105 -
FortiSIEM
91 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
76 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
65 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
SD-WAN
29 -
Firewall policy
28 -
FortiConnect
24 -
High Availability
23 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
19 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
Logging
12 -
LDAP
11 -
VDOM
11 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
fortilink
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
FortiAnalyzer v5.0
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
SSO
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.