

Fortitoken with Active Directory on Fortigate

Yesterday I wrote a blog post about two-factor authentication using Duo, Active Directory, Duo Proxy Auth and Fortigate. I mentioned that FortiToken was easier to deploy and decided I would write a blog post using FortiToken, Active Directory and Fortigate.

Fortigates have a built-in two-factor authentication server and you only need to purchase FortiTokens. FortiTokens come in two-factors (no pun intended): hardware and electronic. The electronic tokens are perpetual, so you buy them once and you can reuse them as needed.

FortiToken Licenses (hardware or software)
NOTE: You do not require AD as you can create local users and assign them a token.

Log in to your Fortigate firewall and go to ‘Users & Devices’ then ‘FortiToken’.
For hardware tokens, you can either import them from a text file or a seed file.
Electronic tokens are easier. Enter the ‘Activation Code’ provided by Fortinet via an email and hit ‘OK’.

Once you have the tokens listed, we will add an LDAP server to the configuration. This is under the same heading of ‘Users & Devices’, then ‘LDAP Servers’.
Ensure the ‘Connection Status’ shows up with the green checkmark and says ‘Successful’.

Now we will create a Security Group in Active Directory.
Next, make sure you add the new user to the ‘Security Group’ named ‘FortiToken-GRP’. Once this is completed you can move back to the Fortigate.

Go back to ‘Users & Devices’ and create a ‘User Groups’. Give the group a name and choose ‘Remote Groups’. Choose the Domain Controller you created earlier, and select the ‘FortiToken-GRP’ group.

Now we are going to create a ‘Remote User’ (e.g.
Go to ‘Users & Devices’ and select ‘User Definition’ and choose ‘Remote LDAP User’. Choose the DC you created and browse for the ‘John Doe’ user. Once the user is created, you will select it and choose ‘Edit’. Once you edit the user, click the ‘Two-Factor Authentication’ button. From the drop-down list, choose an available FortiToken and save. You can re-send the activation from this window. NOTE: You must have an email address in the appropriate field.

The user needs to go to their AppStore (Apple) or Market Place (Android) to download the FortiToken app. The user will receive an email with the QR code.
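
The GUI steps on this page (LDAP server, remote group matched to ‘FortiToken-GRP’, remote LDAP user with a token assigned), written as the equivalent FortiOS CLI. This is an added example, not part of the original post. The LDAP entry name DC1, its address, the bind account, the example.com DNs, the jdoe account name, the Fortigate group name and the token serial are placeholders assumed for illustration; LDAPS on port 636 is also an assumption, since the post does not say which transport it used.

```fortios
# LDAP server entry for the Domain Controller (all values are placeholders)
config user ldap
    edit "DC1"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=svc-fortigate,cn=Users,dc=example,dc=com"
        set password <bind-account-password>
        # Assumption: the DC offers LDAPS, so the bind password and user
        # credentials are not sent in clear text on port 389
        set secure ldaps
        set port 636
    next
end

# Remote LDAP user with a FortiToken assigned; the email address is
# where the activation message with the QR code is sent
config user local
    edit "jdoe"
        set type ldap
        set ldap-server "DC1"
        set two-factor fortitoken
        set fortitoken "<token-serial-from-the-FortiToken-list>"
        set email-to "jdoe@example.com"
    next
end

# Fortigate user group that matches the AD security group from the post
config user group
    edit "FortiToken-Users"
        set member "DC1"
        config match
            edit 1
                set server-name "DC1"
                set group-name "CN=FortiToken-GRP,CN=Users,DC=example,DC=com"
            next
        end
    next
end
```

Option names can differ between FortiOS releases, so compare against `show user ldap`, `show user local` and `show user group` on a unit configured through the GUI.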
