FortiToken
FortiToken Mobile is an application for iOS or Android that acts like a hardware token but utilizes hardware the majority of users possess, a mobile phone.
rbraha
Staff
Article Id 310722
Description

 

This article describes how to resolve errors that may occur when assigning FortiToken Cloud (FTC) to administrator users in FortiGate.

 

Scope

 

FortiGate, FortiToken Cloud.

 

Solution

 

Consider the following example scenario.

 

On FortiGate, after going to System -> Administrators and creating a new user named 'tets', the option for Two-factor Authentication was selected, using FortiToken Cloud. An error appears in the FortiGate GUI. Meanwhile, the following error logs appear in FortiToken Cloud:

 

FT1.jpg

 

Possible causes for this error include:

 

  1. 'Auth Client (FG100FTxxx/#FOS_Administrator) was not found.': This occurs because the 'Auto-create Auth Client' setting was initially disabled. It indicates that the setting was enabled later.
  2. It is not possible to assign tokens because all user quotas have already been allocated to existing realms.


If this is the case, some user quotas need to be released from either of these realms to ensure that the 'Remaining User Quota' is greater than zero.

 

FT3.jpg


Take the following steps to adjust realm quotas:

  1. Log in to the FTC portal and navigate to 'Realm' at https://ftc.fortinet.com/dashboard/root/realm.
  2. Edit the realms mentioned above and adjust the 'Allocated User Quota' accordingly.

If it would be more convenient to use one of the existing realms instead of creating a new one, consider the following solution:

 

  1. Adjust the allocated user quota to ensure that the 'Remaining User Quota' is greater than zero.
  2. Move the new authentication client 'FG100FTxxxx-#FOS_Administrator' to the desired existing realm by editing the authentication client at https://ftc.fortinet.com/app/authclient/fortiprod.
  3. Verify in the 'CLIENT COUNT' column at https://ftc.fortinet.com/app/realms whether the authentication client has been successfully moved.
  4. Revert the allocated user quota back to its previous setting.
  5. Once there are no authentication clients in the new realm 'FG100FTxxxxx-#FOS_Administrator', it is safe to delete the realm.

 

A realm created on FTC identifies a set of users as valid users of one or more auth clients, and those users can be controlled by the same adaptive auth profile in the realm settings. With realms, the admin user can control settings such as user quota and MFA method.

 

For instructions on creating or editing realms, see the documentation.

 

After assigning this new entry to the desired realm, the user will be assigned a token automatically.

 

 FT2.png