Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SebastianJ
New Contributor

Report on users with tokens and their status

Hi,

 

We are currently in progress of enrolling several thousand of users to use FortiToken. Is there a way to extract a list of users with the token assigned and the status of the token? We need to be able to see user name, and if the assigned token was already activated. This is the bare minimum.  Is there a way to do this?

 

Such built-in feature would be very useful when migrating large number of users. It would help to monitor the progress of the migration and remind the users with not activated tokens to perform actions.

 

Thank you in advance.

1 Solution
gfleming

If you need more info than just the FortiToken serial then yes you'd have to extract from the FortiTokens endpoint and correlate the data.

Cheers,
Graham

View solution in original post

7 REPLIES 7
SebastianJ

Hi Graham,

 

Thanks for the answer. Since I need to combine Username or E-mail address with token status am I right thinking that I need to use API to export both LDAP users (/ldapusers/) and FortiTokens (/fortitokens/) and then join both tables using:

token_serial from LDAP users

and

serial from FortiTokens?

gfleming

If you need more info than just the FortiToken serial then yes you'd have to extract from the FortiTokens endpoint and correlate the data.

Cheers,
Graham
SebastianJ

Thanks Graham. This may solve the problem with listing all of the users who didn't activate their tokens yet and sending them a reminder to do so. Saving us from spamming everyone to remind just a few.

 

This would be actually useful to have such functionality built in. From my experience it would be a good thing to be able to generate custom reports with the available data and even possibility to send them periodically to given addresses. Such as e.g. weekly report on available and locked tokens.

gfleming

I agree with you there. I'm just curious does the Users Audit CSV file show you the appropriate details you are looking for?

Cheers,
Graham
SebastianJ

Hi Graham,

 

Users Audit is quite useful. It would be perfect if there would be a clear status of the token (I know, we can get it from combination of date columns, active). And we needed couple more things to make our life easier. But indeed users audit helps. If it could be customised, saved as templates and sent periodically, this would be perfect.

SebastianJ

Hi again Graham,

 

Actually I have latest update. Unfortunately Users Audit is faulty and it does not reflect the reality. E.g. I have number of cases when the column "active" equals to "yes". In the same time both columns "created" and "last used" are exactly the same. This means tokens was assigned, but wasn't activated. And this is not true. Because when I manually check last activity on the account the date is not what is visible in "last used" column. Various users actually logged in much later than the "last used" date. In this case API generated reports are valid.

Labels
Top Kudoed Authors