Chapter 18 Troubleshooting : ­Verifying FortiGate admin access security : When enabling remote access, configure Trusted Hosts and Two-factor Authentication : Configuring Two-factor Authentication
  
Configuring Two-factor Authentication
FortiOS 5.0 provides support for FortiToken and FortiToken Mobile. FortiToken Mobile is a Fortinet application that enables you to generate One Time Passwords (OTPs) on a mobile device for FortiGate two-factor authentication. The user’s mobile device and the FortiGate unit must be connected to the Internet to activate FortiToken mobile. Once activated, users can generate OTPs on their mobile device without having network access. FortiToken Mobile is available for iOS and Android devices from their respective Application stores. No cellular network is required for activation.
The latest FortiToken Mobile documentation is available from the FortiToken page of the
Fortinet Technical Documentation website.
Two free trial tokens are included with every registered FortiGate unit. Additional tokens can be purchased from your reseller or from Fortinet.
To assign a token to an administrator go to System > Admin > Administrators and either add a new or select an existing administrator to assign the token to. Configure the administrator as required, you need to enter your email address and phone number in order to receive the activation code for the FortiToken mobile. Select Enable Two-factor Authentication. Select the token to associate with the administrator. Select OK to assign the token to the administrator.
To configure your FortiGate unit to send email or SMS messages go to System > Config > Messaging Servers.