MFA application FortiToken

Hello,

From what I can see of the description of the application, it supports TOTP, which are already supported for our application MFA feature. Did you try configuring it with a TOTP?

Regards,

I've tried without success, but maybe I did that the wrong way. I did:

1. I got an email from Forti with QR code and activation code (16 digits, all uppercase, combination of alphanumeric)
2. I created OTP object in RDM
3. I initialized the object with the activation code
4. I also added the QR to the FortiToken Mobile app
5. the time OTP number from phone differs to the one in the RDM and only number from phone app works to login

Regards

Hello,

From some searching around (reddit thread, github thread), the activation code is not actually the OTP key. It's used by the FortiToken application to then fetch the correct information. The QRCode is apparently encrypted as well, so it would be complicated for us to do this.

At the moment, I don't think it's possible for us to implement this with the way FortiToken works.

Regards,

Thank you for the check. I created the same question to the Fortinet. So this thread can be closed for now.

Thank you for the check. I created the same question to the Fortinet. So this thread can be closed for now.

Did you have any news on Fortinet's side ? We are facing more and more use of Fortitokens and not having them in Devolutions is a pain to manage for the team currently.

Here is a response from the Forti staff:
Hey,
technically, the FortiToken mobile seeds can be exported during provisioning, under VERY specific circumstances.
Please check here: https://docs.fortinet.com/document/fortiauthenticator/6.6.1/rest-api-solution-guide/829822/local-use...
There is a section 'Third party integration: FTM provisioning' that goes into a bit of detail.
 
However:
- this requires use of a FortiAuthenticator, and the FortiToken mobile licence must be attached to that same authenticator
- the seeds ARE returned in an encrypted format, but I don't know if the Remote Desktop Manager can import them
I don't know of any other method to retrieve the seeds; that would indeed require an NFR as DPadula mentioned.

User DPadula sent:
Hi,
To request for a new feature you need to contact your AM on Fortinet, unfortunately this type of request cannot be done via forum. 

I didn't have time to push it further. Let me/us know, if you succeed.

Regards

Here is a response from the Forti staff:
Hey,
technically, the FortiToken mobile seeds can be exported during provisioning, under VERY specific circumstances.
Please check here: https://docs.fortinet.com/document/fortiauthenticator/6.6.1/rest-api-solution-guide/829822/local-use...
There is a section 'Third party integration: FTM provisioning' that goes into a bit of detail.
 
However:
- this requires use of a FortiAuthenticator, and the FortiToken mobile licence must be attached to that same authenticator
- the seeds ARE returned in an encrypted format, but I don't know if the Remote Desktop Manager can import them
I don't know of any other method to retrieve the seeds; that would indeed require an NFR as DPadula mentioned.

User DPadula sent:
Hi,
To request for a new feature you need to contact your AM on Fortinet, unfortunately this type of request cannot be done via forum. 

I didn't have time to push it further. Let me/us know, if you succeed.

Regards

Thanks for the info, I will check that on my side (I will also need to have the time to take care of that), I will let you know if I manage to take it further.