Fortigate: Enable 2FA email base

Chetta Busayarat

2 min read
Fortigate: Enable 2FA email base
Photo by Ed Hardie / Unsplash

One option for 2FA on FortiClient VPN is an Email base. To enable this try following the step.

  1. Login to the FortiGate dashboard.
  2. Check on the user about the Two-factor Authentication status is not enabled.
  1. Open the CLI page to enable the 2FA email base.
  1. Edit and enable Two-Factor (Email base).
config user local
edit "user"

show 
set two-factor email
set email-to "email@address"
end
  1. After finishing CLI and going back to check on the user, it now shows 2FA enabled with an "Email base two-factor authentication".
  1. Test connection by FortiClient. Enter the username and password to connect.
  1. After entering the password and connecting, it will show the token box.
  1. AuthCode will sent to your email (Register address on No.4).
  1. Copy the code past on the token box. And press OK.
  1. FortiClient connected.

https://www.youtube.com/watch?v=BmQqiqFV5_I