SegLati
New Contributor

enable email 2FA for local users

Hello everybody: I want to enable two-factor authentication, but only for local users who use FortiClient to connect to the VPN (FortiGate 60F).

I want to use email, I already have the email-server configured.
The option does not appear, so I have to configure the email-server.
This is my configuration:
```
show system email-server
config system email-server
    set server "mail.emailexample.com.ar"
    set port 26
    set security smtps
end
```

According to the documentation:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Email-Two-Factor-Authentication-on-FortiGa...

There are two steps to complete this configuration:

Configure the SMTP server.

```
config system email-server
    set reply-to {Sender_email_address}
    set server {SMTP_server_FQDN/IP}
    set port {SMTP_server_port_number}
    set authenticate {enable | disable}
    set username {username}
    set password {password_string}
    set security {none | starttls | smtps}
end
```

Create a user(s) with email two-factor enabled.

```
config user local
    edit {username}
        set type password
        set two-factor email
        set email-to {user_email_address}
        set passwd {password}
    next
end

config system admin
    edit "admin"
        set type password
        set two-factor email
        set email-to user_email_address
        set passwd password
    next
end
```

But I only want to enable it for local users. Is it possible?

Thanks

1 Solution
Dhruvin_patel

Hello!

Yes, it is possible to enable email two-factor authentication specifically for local users on FortiGate. Here's how you can achieve this:

1. Configure the SMTP server:
```
config system email-server
set reply-to {sender_email_address}
set server {smtp_server_fqdn/ip}
set port {smtp_server_port_number}
set authenticate enable
set username {username}
set password {password_string}
set security smtps
end
```

2. Create a local user with email two-factor authentication enabled:
```
config user local
edit {username}
set type password
set two-factor email
set email-to {user_email_address}
set passwd {password}
next
end
```

By following these steps, you can enable email two-factor authentication for local users on your FortiGate device. This will ensure that only local users using FortiClient to connect to VPN will have email two-factor authentication enabled.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Email-Two-Factor-Authentication-on-FortiGa...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forticlient-SSLVPN-using-email-two-factor/...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-Up-Two-Factor-Authentication-2FA-f...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-local-admin-authentication-when-r...

Best Regards!

Dhruvin Patel
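One way to confirm the outcome from a configuration backup, as an added example that is not part of the original posts or Fortinet's own code: because `two-factor` is set per account, this lists the mode of every `config user local` and `config system admin` entry, plus the `security` mode of the email server that delivers the codes. The function names `parse` and `audit` are hypothetical, and the script assumes the backup omits default values, so a missing `two-factor` line is read as `disable` and a missing `security` line as `none`.

```python
SAMPLE = """\
config system email-server
    set security smtps
end
config system admin
    edit "admin"
    next
end
config user local
    edit "alice"
        set two-factor email
        set email-to "alice@example.com"
    next
    edit "bob"
    next
    edit "carol"
        set two-factor email
    next
end
"""  # constructed sample in backup layout, hypothetical accounts (not from the thread)

def parse(text):  # -> {table: {entry: {option: value}}}; entry "" when the table has no "edit"
    cfg, table, entry, depth = {}, None, "", 0
    for raw in text.splitlines():
        tok = raw.replace('"', "").split() or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks are skipped, only counted
                table, entry = " ".join(tok[1:]), ""
                cfg.setdefault(table, {})
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
            cfg[table].setdefault(entry, {})
        elif depth == 1 and tok[0] == "set" and len(tok) > 2:
            cfg[table].setdefault(entry, {})[tok[1]] = " ".join(tok[2:])
    return cfg

def audit(text):  # per-account two-factor mode for both tables, plus the SMTP security mode
    cfg, rows = parse(text), []
    for table in ("user local", "system admin"):
        for name, opt in cfg.get(table, {}).items():
            mode = opt.get("two-factor", "disable")  # assumption: omitted line means default
            if mode == "email" and "email-to" not in opt:
                mode = "email, but no email-to"
            rows.append((table, name, mode))
    security = cfg.get("system email-server", {}).get("", {}).get("security", "none")
    return rows, security
```

On the sample, `audit(SAMPLE)` reports `alice` with email two-factor, `bob` and `admin` without it, and `carol` with email two-factor but no destination address.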


SegLati
New Contributor

Thanks for the answer!

I was able to enable two-factor authentication using email.

Best Regards!

Dhruvin_patel

I'm glad it worked for you!

Dhruvin Patel