Chapter 4 Authentication : Users and user groups : Users : FortiToken : Associating FortiTokens with accounts
  
Associating FortiTokens with accounts
The final step before using the FortiTokens to authenticate logons is associating a FortiToken with an account. The accounts can be local user or administrator accounts.
To add a FortiToken to a local user account - web-based manager
1. Ensure that your FortiToken serial number has been added to the FortiGate successfully, and its status is Activated.
2. Go to User & Device > User > User Definition, and edit the user account.
3. Select Enable Two-factor Authentication.
4. Select the user's FortiToken serial number from the Token list.
5. Select OK.
To add a FortiToken to a local user account - CLI
config user local
edit <username>
set type password
set passwd “myPassword”
set two-factor fortitoken
set fortitoken <serial_number>
set status enable
next
end
To add a FortiToken to an administrator account - web-based manager
1. Ensure that your FortiToken serial number has been added to the FortiGate successfully, and its status is Activated.
2. Go to System > Admin > Administrators, and edit the admin account.
This account is assumed to be configured except for two-factor authentication.
3. Select Enable Two-factor Authentication.
4. Select the user's FortiToken serial number from the Token list.
5. Select OK.
To add a FortiToken to a local user account - CLI
config user local
edit <username>
set type password
set passwd “myPassword”
set two-factor fortitoken
set fortitoken <serial_number>
set status enable
next
end
The fortitoken keyword will not be visible until fortitoken is selected for the two-factor keyword.
 
Before a new FortiToken can be used, it may need to be synchronized due to clock drift.