FortiToken Mobile - User Guide

Version 4.0.0
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com

FORTINET VIDEO GUIDE

https://video.fortinet.com

FORTINET BLOG
https://blog.fortinet.com

CUSTOMER SERVICE & SUPPORT

https://support.fortinet.com

FORTINET TRAINING & CERTIFICATION PROGRAM

https://www.fortinet.com/support-and-training/training.html

NSE INSTITUTE
https://training.fortinet.com

FORTIGUARD CENTER
https://fortiguard.com/

END USER LICENSE AGREEMENT

https://www.fortinet.com/doc/legal/EULA.pdf

FEEDBACK
Email: [email protected]

December 23, 2020

FortiToken Mobile 4.0.0 User Guide
33-400-665753-20201223
 TABLE OF CONTENTS

Introduction 4
Overview 4
Supported Versions and Devices 4
Installing the FTM Application 5
Downloading FTM for Apple iOS 5
Downloading FTM for Google Android 5
Downloading FTM for Microsoft Windows 5
Token Activation 6
FortiToken Activation Email/SMS Message 6
Activating Your Token 6
Scan Barcode 7
Manual Activation 7
Third Party Token Activation 7
Push Notification: 7
FortiToken Mobile Home View 9
Generating OTPs 9
Copying and Pasting OTPs to/from Clipboard 9
Search Token 9
Hide/Show OTP 10
Edit Token Name 10
Token detail 10
FortiToken Mobile Manager View 11
Delete Token 11
Reorder Token 11
FortiToken Mobile Info View 12
Alerts and Troubleshooting 13
Activation Issues 13
Synchronization Issues 13
Push Issues 13
Application Timeout 13

FortiToken Mobile 4.0.0 User Guide 3

Fortinet Technologies Inc.
Introduction

Introduction

The FortiToken Mobile (FTM) is an application that allows you to generate One Time Password (OTP) values
on your mobile device for use in two factor authentication. Once your token is activated, you will not need any
network access to generate OTPs on your device.

Overview

The FortiToken Mobile application supports three platforms: iOS, Android, and Windows. FortiToken Mobile
supports localization in English, Simplified Chinese, Traditional Chinese, Japanese, and French (France and
Canada). After installing the FortiToken Mobile app on your mobile device, you will need to activate a token.
Once activated, you can immediately generate OTPs on your device. You can manually enter OTP or
approve/deny the remote access login request from push notifications. If an old mobile device doesn’t work or
is lost, you can transfer the activated token to a new device without reactivation of a new token.

Supported Versions and Devices

FTM IOS can be installed on iPad, iPod Touch and iPhone, iWatch with IOS from 9 to latest 13.
FTM Android can be installed on all Android Device Manufacturers with Android OS from 4.4.x to latest 11.
FTM windows can be installed on Windows 10 PC and Windows 10 Mobile devices.
No cellular network is required. If cellular service is not available, use Wi-Fi access.

FortiToken Mobile 4.0.0 User Guide 4

Fortinet Technologies Inc.
Installing the FTM Application

Installing the FTM Application

Downloading FTM for Apple iOS

Go to iTunes app store to download the free FortiToken Mobile IOS application.
Click here for FortiToken Mobile IOS download from App Store.

Downloading FTM for Google Android

Go to Google Play store to download the free FortiToken Mobile Android application
Click here for FortiToken Mobile Android download from Google Play Store

Downloading FTM for Microsoft Windows

Go to Microsoft store to download the free FortiToken Mobile Windows application

Click here for FortiToken Mobile Windows download from Microsoft Store.

After the app has been installed, make sure the device has the correct date and time
adjustment.

FortiToken Mobile 4.0.0 User Guide 5

Fortinet Technologies Inc.
Token Activation

Token Activation

The FortiToken Mobile application allows you to install Fortinet tokens that are issued from FortiGate,
FortiAuthenticator, Fortitoken-Cloud, and third party tokens such as tokens for two step verification used by
Dropbox, Google, Amazon and Microsoft.

FortiToken Activation Email/SMS Message

After your system administrator assigns your token, you will receive a notification with an Activation Code and
an activation expiration date by which you must activate your token. Depending on which option your system
administrator has chosen, you will receive the activation notification either by SMS or email. If you do not
activate your token by the indicated expiration date, you must contact your system admin so that your token
can be re-assigned for activation.
The activation notification looks like this for tokens issued from FortiGate, FortiAuthenticator, and Fortitoken-
Cloud.

Welcome to FortiToken Mobile - One-Time-Password software token. 

Please visit http://docs.fortinet.com/fortitoken/ for instructions on how to
install your FortiToken Mobile application on your device and to activate your
token. 
Activation Code for FortiToken Cloud Mobile FTC5QTL95L6FIOS2, which you will need
to enter on your device later, is xxxxxxxxxxxxxxxx
Alternatively, use the attached QR code image to activate your token with the "Scan
Barcode" feature of the app. 
You must activate your token by: Monday December 14, 2020 20:39 UTC(+0000), after
which you will need to contact your system administrator to re-enable your
activation. 

Activating Your Token

You can activate your token on FortiToken Mobile IOS, Android, and Windows once you receive an Activation
Code via email or sms.
Before you begin, make sure your device is set to the correct time and that you have Internet access.
Tokens have enforced-pin, required (optional), and not-required pin policy on FortiAuthenticator and
FortiToken-cloud. Pins need to be set before activating tokens for two cases:
1. Enforced-pin policy is selected by system administrator
2. If required (optional) pin policy is selected by system administrator and no mobile device pin is set.

FortiToken Mobile 4.0.0 User Guide 6

Fortinet Technologies Inc.
Token Activation

Once you have created and confirmed your PIN, you can add your tokens by using the Activation Code
received via email or sms. You can either enter the Activation Code manually, or you can select Scan
Barcode if your device supports it.

Scan Barcode

If your device supports QR code recognition, you can simply press Scan Barcode from Fortitoken Mobile
home screen and point your device camera at the QR code attached to the activation email.
Note: QR code images are not provided using the SMS activation message, only with the email activation
message.

Manual Activation

1. Press Enter Manually, then select the type of token from the Enter Manually list.
a. For FortiToken, select Fortinet.
b. For 3rd-party token, select Other.
2. Enter a name for this token and the Activation Code exactly as it appears in your Activation message,
either by typing or copying & pasting.
Note: FortiToken Mobile will automatically convert lower case to upper case letters so there is no need to
use the Shift key when typing.
3. Click Done.
4. FTM will communicate with the Secure FTM Provisioning Server to activate your token. Once activated,
you will see the OTP displayed on token list view.

Third Party Token Activation

Many cloud and online applications offer the option to turn on two step verification (aka two factor
authentication) for added security. FortiToken Mobile provides a simple means to install tokens from cloud
services providers, including Dropbox, Google, Amazon and Microsoft. Follow the provider’s instructions for
turning on two step verification, and you will get to a web page displaying an activation code with options to
scan a QR code or enter the code manually if you cannot scan the bar code.
If you use the option to Scan Barcod and no Token Name is entered, the Token Name will default to what is
encoded in the QR code image for the account name. Token Name can be edited.
FortiToken Mobile allows you to choose a specific third party provider. If your provider is not listed, you can add
a token if the activation code is presented in Base32 format.

Push Notification:

Other than OTP, push notification is an alternative for remote access login.
Push notification is supported on FTM IOS and FTM Android (FTM Windows doesn’t support push)

FortiToken Mobile 4.0.0 User Guide 7

Fortinet Technologies Inc.
Token Activation

FTM app can receive push notifications when mobile device is locked or on home screen as well as when FTM
app is open. FTM application user can choose to approve or deny the login request. Once action is taken on the
login request, the message ‘Request sent successfully’ will display and dismisses within 1.5 seconds.

FortiToken Mobile 4.0.0 User Guide 8

Fortinet Technologies Inc.
FortiToken Mobile Home View

FortiToken Mobile Home View

Generating OTPs

Two types of OTPs (TOTP and HOTP) displays on the FortiToken Mobile Application:
l Event-based or HMAC-based (HOTP): The token passcode is generated using an event trigger and a
secret key. User presses ‘Next OTP’ to display new OTP value
l Time-based (TOTP): User presses the Eye icon to hide/show the OTP. The timer bar next to the Eye icon
shows how much time is left before a new OTP value will be displayed. The token OTP changes every 60
or 30 seconds. This time is configurable on the FortiAuthenticator and FortiToken Cloud Setting.
Note:
FTM IOS, Android, and Windows support both TOTP and HOTP.
FortiAuthenticator supports HOTP and TOTP.
FortiGate and FortiToken-Cloud only support TOTP.

Copying and Pasting OTPs to/from Clipboard

Your OTP can be copied to your clipboard by tapping the number displayed, then tapping “copy”. This is
useful in situations such as when you are using a VPN client on a mobile device and need to enter the OTP as
the second factor for logging in.

Search Token

Device Description

FTM IOS From the FTM IOS token list view, pull down to show the search bar and
pull up to hide the search bar. Tap the search bar, then type letters to
match to token names in the list. FTM IOS will return a list of matched
tokens. Press back for the app to go back to main token list with the
selected token moved to the top of list.

FTM Android From the FTM Android main token list view, the search icon displays at the
top right. Pressing the search icon opens the search bar. Type letters to
match to tokens and tap a token to move it to the top of the list. This
movement should be accompanied by a short message ‘Move token to
top’.

FTM Windows Does not support this feature

FortiToken Mobile 4.0.0 User Guide 9

Fortinet Technologies Inc.
FortiToken Mobile Home View

Hide/Show OTP

Both TOTP and HOTP unhide after they are activated. TOTP can show/hide by pressing the eye icon. Its
hide/show status is retained after exiting or re-launching the app. HOTP is hidden all the time after exiting or re-
launching the app. The only way to unhide an HOTP is by pressing ‘Next OTP’.

Edit Token Name

Long press the token on the tokens screen to edit the Token Name.

Token detail

Press the arrow from the token list view to see a token's details including an editable token name, issuer serial
number, and issuer name.

FortiToken Mobile 4.0.0 User Guide 10

Fortinet Technologies Inc.
FortiToken Mobile Manager View

FortiToken Mobile Manager View

Delete Token

Select ‘Manage’ at the top right of the token list view. Press the red ‘-‘ sign at the beginning of the token to be
deleted, then press the red ‘Delete’ button on the very right to delete that token. Select Done.

Reorder Token

Select ‘Manage’ at the top right of the token list view. Press and hold the three horizontal lines at the end of
token to be moved. Drag the token to reorder its position then release your hold. Select Done.

FortiToken Mobile 4.0.0 User Guide 11

Fortinet Technologies Inc.
FortiToken Mobile Info View

FortiToken Mobile Info View

Select Info to access the following information and features:

Feature Description

Version FortiToken Mobile application version installed on your device

Epoch Time The universal time setting that can be used to troubleshoot token
synchronization issues

Registration ID The mobile device's ID that the FTM application uses to identify the correct
device to send push notifications

Terms and Conditions A link to a PDF document containing the Fortinet Product License
Agreement / EULA and Warranty Terms

Touch/Face ID & PIN Enable/Disable device supported security

l FTM IOS: Supports Touch/Face ID. User must enable this feature

from the device setting first, then enable it on FTM IOS.

l FTM Android: Only supports fingerprint authentication. Enable this

feature in the device settings first, then enable it on FTM Android.

To set a FortiToken Mobile app PIN, enable PIN and either:
l Enter a 4-digit PIN to create a PIN for the first time

l Enter your current FTM PIN, then enter a new PIN. Re-enter the new

PIN to confirm.

Transfer Token If a token is issued from FortiAuthenticator and FortiToken-Cloud, the

token can transfer from iOS to iOS device, from Android to Android device,
or between iOS and Android devices. Press Transfer Tokens, then press
the Fortitoken Cloud or FortiAuthenticator serial number with the total
number of activated tokens. Press OK on the Transfer Tokens popup.
Select Proceed to start token transferring process. You will receive a
transfer code via email or sms. Scan the transfer code or enter the transfer
key manually by navigating to the FTM home screen > + > Enter
Manually > Enter Transfer Code
Notes:
l Only tokens issued from FortiAuthenticator or FortiToken Cloud can

be transferred. Tokens issued from FortiGate cannot be transfered.

l Only FortiToken Mobile IOS and Android support token transferring.

FortiToken Mobile Windows does not support this feature.

l Token transferring is supported between FTM IOS and FTM Android

l Thrid party tokens issued from FortiAuthenticator or FortiToken Cloud

can be transfered

Buy Tokens Users can buy tokens from FTM IOS if tokens are used up. Only supported
on FTM IOS.

Purchase History Tokens purchased from FTM IOS will be listed under purchase history.
Only supported on FTM IOS.

FortiToken Mobile 4.0.0 User Guide 12

Fortinet Technologies Inc.
Alerts and Troubleshooting

Alerts and Troubleshooting

Activation Issues

l If you receive an error message indicating that FTM timed out while waiting for the server, check to make
sure your device can access the Internet. If the problem persists, contact your system administrator.
l If you receive an error message indicating that FTM activation failed, please check your Activation Code
and re-enter the code. If the problem persists, contact your system administrator. Please supply the error
code and/or error message so your administrator can correct the problem.
l If a token is activated, it cannot be activated again on the same or different devices.

Synchronization Issues

If you are able to generate OTPs but your login attempts fail, please make sure your device is set to the correct
time. If the problem persists, contact your system administrator.

Push Issues

If you cannot receive push notification on your mobile device, check for the FortiToken mobile app under your
device's settings to make sure allow notifications is enabled.
If you approve push notification but remote access login fails, you can either contact your system administrator
or use OTP instead.

Application Timeout

If you do not touch your screen for 60 seconds, the application will time out and you will have to enter your PIN
again to display the OTP

FortiToken Mobile 4.0.0 User Guide 13

Fortinet Technologies Inc.
Copyright© 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., in
the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be
trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and
other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding
commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such
event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be
limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or
development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and
guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable.