Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

two-factor authentication for users

I am trying to create 2 factor autentication for  my vpn users.

why am I asked to select a token when i ticked the Enable two-factor authentication checkbox?


how does the token works ?


Esteemed Contributor III

if you select token than you will be prompt for token, your other choices are SMS and email.






New Contributor

when I create new user account, if I select 2 factor authentication, straight away I am prompted to select the token.

tested in the new user and create new admin UI.

how do I avoid the token from being selected.

my firmware version is 5.2.2


New Contributor

Don´t tick the two-factor auth box.

You can enable two-factor after the user is created.

To enable email or sms you must use the cli.


config user local edit <user_name> set email-to <user_email> set two-factor email end



New Contributor

the email token works.

what if I need to use sms instead of email now?

do I have to subscribe to the fortigate messaging service or use my own sms provider ??

for the commands

set sms-custom-server, what do i key in ??


New Contributor

how does the 2 factor authentication email works for ipsec users?

i have some users using macbook to login using ipsec.

there is not option for me to enter the 6 digit token code, although i did received the email containing the code.

so far we tested, it only works for ssl-vpn with forticlient.



You can try to enable your Fortinet appliance with LoginTC two factor authentication. Using push notification is safer and much more convenient than email or SMS. A complete guideline can be found at:

In your use case, the LoginTC token is created in the LoginTC  app installed in the user’s smartphone during a LoginTC registration. The LoginTC token is the credential that delivers the two factor authentication assurance during a VPN session.


have setup two-factor authentication with email.

noticed that some users will get authentication failure on their mobile devices but no issues if they use their windows forticlient.

is it due to fw polices or vpn settings ??

New Contributor



global / config / advanced --> then configure email!





thanks in advanced Rafael