Chapter 3 Authentication for FortiOS 5.0 : Users and user groups : Users : Two-factor authentication : Email
  
Email
Two-factor email authentication sends a randomly generated six digit numeric code to the specified email address. Enter that code when prompted at logon. This token code is valid for 60 seconds. If you enter this code after that time, it will not be accepted.
A benefit is that you do not require mobile service to authenticate. However, a potential issue is if your email server does not deliver the email before the 60 second life of the token expires.
The code will be generated and emailed at the time of logon, so you must have email access at that time to be able to receive the code.
To configure an email provider - web-based manager
1. Go to System > Config > Messaging Servers.
2. Enter the SMTP Server and Default Reply To address.
3. If applicable, enable Authentication and enter the SMTP User and Password to use.
4. Select Apply.
To configure an email provider - CLI
config system email-server
edit <provider_name>
set server <server_domain-name>
next
end
To enable email two-factor authentication - web-based manager
1. To modify an administrator account, go to System > Admin > Administrators. To modify a user account go to User & Device > User > User Definition.
2. Edit the user account.
3. Enable and enter the user’s Email Address.
4. Select Enable Two-factor Authentication.
5. Select the Token that the user has.
6. Select OK.
To enable email two-factor authentication - CLI
config user local
edit <user_name>
set email-to <user_email>
set two-factor email
end