Hi,
We are currently in progress of enrolling several thousand of users to use FortiToken. Is there a way to extract a list of users with the token assigned and the status of the token? We need to be able to see user name, and if the assigned token was already activated. This is the bare minimum. Is there a way to do this?
Such built-in feature would be very useful when migrating large number of users. It would help to monitor the progress of the migration and remind the users with not activated tokens to perform actions.
Thank you in advance.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you need more info than just the FortiToken serial then yes you'd have to extract from the FortiTokens endpoint and correlate the data.
The Users Audit might help you here: https://docs.fortinet.com/document/fortiauthenticator/6.4.5/administration-guide/971842/audit-report...
You can also glean this info using the API
Hi Graham,
Thanks for the answer. Since I need to combine Username or E-mail address with token status am I right thinking that I need to use API to export both LDAP users (/ldapusers/) and FortiTokens (/fortitokens/) and then join both tables using:
token_serial from LDAP users
and
serial from FortiTokens?
If you need more info than just the FortiToken serial then yes you'd have to extract from the FortiTokens endpoint and correlate the data.
Thanks Graham. This may solve the problem with listing all of the users who didn't activate their tokens yet and sending them a reminder to do so. Saving us from spamming everyone to remind just a few.
This would be actually useful to have such functionality built in. From my experience it would be a good thing to be able to generate custom reports with the available data and even possibility to send them periodically to given addresses. Such as e.g. weekly report on available and locked tokens.
I agree with you there. I'm just curious does the Users Audit CSV file show you the appropriate details you are looking for?
Hi Graham,
Users Audit is quite useful. It would be perfect if there would be a clear status of the token (I know, we can get it from combination of date columns, active). And we needed couple more things to make our life easier. But indeed users audit helps. If it could be customised, saved as templates and sent periodically, this would be perfect.
Hi again Graham,
Actually I have latest update. Unfortunately Users Audit is faulty and it does not reflect the reality. E.g. I have number of cases when the column "active" equals to "yes". In the same time both columns "created" and "last used" are exactly the same. This means tokens was assigned, but wasn't activated. And this is not true. Because when I manually check last activity on the account the date is not what is visible in "last used" column. Various users actually logged in much later than the "last used" date. In this case API generated reports are valid.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.