EricS
New Contributor II

IPSec VPN linked to LDAP and Fortitoken

Hello,

I'm working on the use of an AD group to allow VPN access. Is it possible to manage Fortitoken Mobile by this means?

Toshi_Esumi
SuperUser

You just need to define each user at the FGT in local user config and set the type as ldap then bind the token like below:

config user local
  edit "user_name"
    set type ldap
    set two-factor fortitoken
    set fortitoken "token_s/n"
    set email-to "user_email_address"
    set ldap-server "ldap_server_name"
  next
end

Toshi

Dhruvin_patel

Greetings!

I assume you are not using fortiauthenticator.

In this case, use this method to authenticate user with LDAP and use fortitoken as 2FA, https://community.fortinet.com/t5/FortiGate/Technical-Tip-Correctly-configuring-Two-Factor-Authentic...

Regards!

Dhruvin Patel
EricS
New Contributor II

Thanks @Dhruvin_patel @Toshi_Esumi for your fast answers, I'll have a look tomorrow. An additional question: I specified the users' OU in the LDAP link. If the VPN group is in an OU at the same level (i.e. enterprise -> users, enterprise -> groups, ...), is it possible to use an LDAP filter to read the AD group members?

Dhruvin_patel

Yes, it's possible to use an LDAP filter to read the members of an Active Directory (AD) group, even if the VPN group is in a different Organizational Unit (OU) but at the same level.

Dhruvin Patel
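
The directory-side reason this works, as an added example that is not part of the original thread: in AD each user entry carries a memberOf attribute holding the group's full DN, so a search based at the users OU can still test membership in a group stored in a sibling OU. All DNs, names and entries are constructed, the search is emulated in memory, and the FortiGate-side settings are not shown.

```python
# Added example: all DNs, logins and entries below are constructed.
USERS_OU = "OU=users,OU=enterprise,DC=example,DC=com"
VPN_GROUP = "CN=VPN-Users,OU=groups,OU=enterprise,DC=example,DC=com"
ENTRIES = [
    {"dn": "CN=Alice," + USERS_OU, "sAMAccountName": "alice", "memberOf": [VPN_GROUP]},
    {"dn": "CN=Bob," + USERS_OU, "sAMAccountName": "bob", "memberOf": []},
]


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515), so a login
    containing '*', '(' or ')' cannot change the filter's structure."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def vpn_member_filter(login: str, group_dn: str) -> str:
    """Filter for one AD user who is a direct member of group_dn.
    Nested groups would need the AD matching rule 1.2.840.113556.1.4.1941."""
    return "(&(objectClass=user)(sAMAccountName=%s)(memberOf=%s))" % (
        escape_filter_value(login),
        escape_filter_value(group_dn),
    )


def in_subtree(dn: str, base_dn: str) -> bool:
    """True if dn is base_dn itself or lies below it (case-insensitive)."""
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)


def find_vpn_user(entries, base_dn, login, group_dn):
    """Emulate a subtree search under base_dn with the filter above.
    The base DN limits where *user* entries are looked for; the group DN
    is only compared against each user's memberOf values."""
    for entry in entries:
        if (
            in_subtree(entry["dn"], base_dn)
            and entry["sAMAccountName"].lower() == login.lower()
            and group_dn.lower() in (g.lower() for g in entry["memberOf"])
        ):
            return entry["dn"]
    return None


if __name__ == "__main__":
    print(vpn_member_filter("alice", VPN_GROUP))
    print(find_vpn_user(ENTRIES, USERS_OU, "alice", VPN_GROUP))
```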