kinmun
New Contributor II

two-factor authentication for users

I am trying to create 2 factor authentication for my vpn users.

why am I asked to select a token when I ticked the Enable two-factor authentication checkbox?

 

how does the token work?

 

emnoc
Esteemed Contributor III

if you select token then you will be prompted for a token; your other choices are SMS and email.

 

ken

PCNSE NSE StrongSwan
kinmun
New Contributor II

when I create new user account, if I select 2 factor authentication, straight away I am prompted to select the token.

tested in the new user and create new admin UI.

how do I avoid the token from being selected?

my firmware version is 5.2.2

 

patrik1
New Contributor

Don't tick the two-factor auth box.

You can enable two-factor after the user is created.

To enable email or sms you must use the cli.

i.e.

    config user local
        edit <user_name>
            set email-to <user_email>
            set two-factor email
    end
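
A read-only check built around the `config user local` settings in the reply above, added here as an example and not posted by anyone in the thread: it parses a config backup and lists local users that have no second factor, or that have `two-factor email` with no `email-to`. The sample config is constructed, and treating a missing `set two-factor` line as disabled is an assumption.

```python
import shlex

# Constructed sample shaped like a FortiOS config backup (not from the thread).
SAMPLE_CONFIG = '''\
config user local
    edit "alice"
        set two-factor email
        set email-to "alice@example.com"
    next
    edit "bob"
        set type password
    next
    edit "carol"
        set two-factor email
    next
end
'''

def parse_local_users(config_text):
    """Return {user: {setting: value}} for entries under 'config user local'."""
    users, in_section, current = {}, False, None
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:  # line with an unbalanced quote, e.g. a multi-line value
            continue
        if tokens[:3] == ["config", "user", "local"]:
            in_section = True
        elif not in_section or not tokens:
            continue
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = users.setdefault(tokens[1], {})
        elif tokens[0] == "set" and len(tokens) > 2 and current is not None:
            current[tokens[1]] = " ".join(tokens[2:])
        elif tokens[0] == "end":
            in_section = False
    return users

def audit_two_factor(config_text):
    """Flag users with no second factor, or email 2FA with no delivery address."""
    findings = {}
    for name, settings in parse_local_users(config_text).items():
        # Assumption: a missing 'set two-factor' line means it is disabled.
        method = settings.get("two-factor", "disable")
        if method == "disable":
            findings[name] = "no two-factor"
        elif method == "email" and "email-to" not in settings:
            findings[name] = "email two-factor without email-to"
    return findings

print(audit_two_factor(SAMPLE_CONFIG))
```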

 

 

kinmun
New Contributor II

the email token works.

what if I need to use sms instead of email now?

do I have to subscribe to the fortigate messaging service or use my own sms provider?

for the command set sms-custom-server, what do I key in?

 

kinmun
New Contributor II

how does the 2 factor authentication email work for ipsec users?

I have some users using macbook to login using ipsec.

there is no option for me to enter the 6 digit token code, although I did receive the email containing the code.

so far we tested, it only works for ssl-vpn with forticlient.

 

lemon632

You can try to enable your Fortinet appliance with LoginTC two factor authentication. Using push notification is safer and much more convenient than email or SMS. A complete guideline can be found at: https://www.logintc.com/docs/connectors/fortinet.html

In your use case, the LoginTC token is created in the LoginTC app installed in the user's smartphone during a LoginTC registration. The LoginTC token is the credential that delivers the two factor authentication assurance during a VPN session.

kinmun
New Contributor II

have setup two-factor authentication with email.

noticed that some users will get authentication failure on their mobile devices but no issues if they use their windows forticlient.

is it due to fw policies or vpn settings?

dudarra
New Contributor

hossa,

 

global / config / advanced --> then configure email!

 

Rafael

 

 

thanks in advance Rafael