2. In the dialog box, select the Enable Two-factor Authentication check box. Under Deliver Token Code by, select the FortiToken option and then
select the FortiToken serial number you want to assign to the selected user account. Select OK.
To assign a FortiToken unit to a user when use with FortiToken Cloud
1. Open your web browser, point to https://ftc.fortinet.com, and press Enter key on your keyboard: The FTC page
opens
2. Use the upper right corner to login to FTC
A hardware token shown on the Hard Tokens page without a username means that it is free or has not been assigned to any user yet. You can
assign it to any user in your FTC account.
To assign a free hard token to a user:
1. On the main menu, click Users. The Users page opens. See Users.
2. Identify the user of interest and click the MFA Method column. A pop-up list appears showing all the MFA methods that FTC supports.
3. Select FTK.
Delete hard tokens
The Hard Tokens page provides tools to delete hard tokens that are no longer needed. You can delete one, multiple, or all the hardware tokens
at once.
Only free (unassigned) FTK tokens can be deleted.
To delete individual hardware tokens:
1. Identify the hard token(s).
2. Select the corresponding checkbox(es).
3. Click the Delete button. The Delete Hard Tokens warning message appears.
4. Click Yes.
To delete all hardware tokens:
1. Select the checkbox in the header of the checkbox column.
2. Click the Delete Hard Tokens button. The Delete Hard Tokens warning message appears.
3. Click Yes.
Step 4. Logging In with FortiToken
After they have been activated and assigned to users, the FortiToken units can be used to log in securely to your network through the SSL-VPN
client, the standalone FortiClient SSL-VPN tunnel client, the FortiClient console, or the FortiGate Web-based Manager. This section explains
the login procedure for each method.
To log in using the SSL-VPN Client
1. In the SSL-VPN web login page, enter your user name and password and select Sign In. The login page refreshes and the FortiToken
Code field appears.
2. Press the Start button of your FortiToken unit, type the generated token password into the FortiToken Code field on the login page and
then select Login. You must do this within the 60 seconds while the token password is still valid.
To log in using the standalone FortiClient SSL-VPN tunnel client
1. Go to Start > All Programs > FortiClient > FortiClient SSL-VPN.
2. In the FortiClient SSL-VPN client, select the Connection Name from the list.
3. Enter your user name, then press the Start button of your FortiToken unit.
4. In the Password eld, type your password concatenated with the generated token password. For example, if your password is
password and your token code is 123456, you would enter password123456.
5. Select Connect to initiate the connection. You must do this within 60 seconds while the token password is still valid.
To log in using the FortiClient console (IPsec VPN)
1. In the FortiClient console, go to VPN > Connections, select the connection you want to start and select Connect.
2. In the VPN Login dialog box, enter your user name and password and select OK. The login page refreshes and the FortiToken Code field
appears.
3. Press the Start button of your FortiToken unit, type the generated token password into the FortiToken Code field and select OK. You must
do this within 60 seconds while the token password is still valid.
Assign a hard token to a user
