Chapter 3 Authentication for FortiOS 5.0 : Users and user groups : Users : FortiToken : Associating FortiTokens with accounts
  
Associating FortiTokens with accounts
The final step before using the FortiTokens to authenticate logons is associating a FortiToken with an account. The accounts can be local user or administrator accounts.
To add a FortiToken to a local user account - web-based manager
1. Ensure that your FortiToken serial number has been added to the FortiGate successfully, and its status is Activated.
2. Go to User & Device > User > User Definition, and select Create New.
3. Enter the username and password for this user account.
4. Select Enable Two-factor Authentication.
5. Select FortiToken, and select the serial number from the list that matches that user's FortiToken.
6. Select OK.
To add a FortiToken to a local user account - CLI
config user local
    edit <username>
        set type password
        set passwd "myPassword"
        set two-factor fortitoken
        set fortitoken <serial_number>
        set status enable
    next
end
To add a FortiToken to an administrator account - web-based manager
1. Ensure that your FortiToken serial number has been added to the FortiGate successfully, and its status is Activated.
2. Go to System > Admin > Administrators, and select an admin account.
This account is assumed to be configured except for two-factor authentication.
3. Select Enable Two-factor Authentication.
4. Select FortiToken, and select the serial number from the list that matches that user's FortiToken.
5. Select OK.
To add a FortiToken to an administrator account - CLI
config system admin
    edit <username>
        set password "myPassword"
        set two-factor fortitoken
        set fortitoken <serial_number>
    next
end
The fortitoken keyword will not be visible until fortitoken is selected for the two-factor keyword.
 
Before a new FortiToken can be used, it may need to be synchronized due to clock drift.
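An added example, not part of the Fortinet documentation: a short Python audit that reads a FortiGate configuration backup and lists accounts where the association described above is missing or incomplete. The sample configuration, account names and serial number are constructed, and the script assumes administrator accounts are stored under `config system admin` and that a line-based parse of the backup is sufficient.

```python
# Constructed sample in this page's CLI syntax; names and serials are placeholders.
SAMPLE = '''config user local
    edit "alice"
        set two-factor fortitoken
        set fortitoken "FTK-EXAMPLE-0001"
    next
    edit "bob"
        set type password
    next
end
config system admin
    edit "admin"
        set two-factor fortitoken
    next
end
'''
TABLES = ("user local", "system admin")  # account tables to audit (assumed names)

def parse_accounts(text):
    """Return {(table, account): {keyword: value}}, ignoring nested config blocks."""
    accounts, stack, cur = {}, [], None
    for line in text.splitlines():
        words = [w.strip('"') for w in line.split()]
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and stack[0] in TABLES:
            if words[0] == "edit" and len(words) > 1:
                cur = accounts[(stack[0], words[1])] = {}
            elif words[0] == "next":
                cur = None
            elif words[0] == "set" and cur is not None and len(words) > 2:
                cur[words[1]] = " ".join(words[2:])
    return accounts

def audit(text):
    """List accounts that have no FortiToken two-factor or no token serial."""
    findings = []
    for (table, name), kv in parse_accounts(text).items():
        if kv.get("two-factor") != "fortitoken":
            findings.append(f"{table} {name}: two-factor fortitoken not set")
        elif not kv.get("fortitoken"):
            findings.append(f"{table} {name}: two-factor set but no token serial")
    return findings
```

Run `audit()` on the text of a saved configuration backup; an empty list means every local user and administrator entry has both `two-factor fortitoken` and a `fortitoken` serial set.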