Captive portal WiFi access with a FortiToken-200

In this recipe, you will enforce two-factor authentication for WiFi users who have physical FortiToken-200 devices through a captive portal. FortiToken-200 users who attempt to browse the Internet will be redirected to the captive portal login page and asked to enter their username, password, and token code.

This recipe assumes that you already have a FortiAP unit connected and authorized to the FortiGate, and that the SSID has been set up and configured to use Captive Portal. For a recipe on how to set up a wireless network through a captive portal, see Captive portal WiFi access control.

This recipe is designed for a FortiToken-200 physical key generator. See step 2 for information about using FortiToken Mobile.

1. Adding the FortiToken

Go to User & Device > FortiTokens and create a new FortiToken.

Set Type to Hard Token and enter the FortiToken’s Serial Number into the field provided.

2. Editing the user and assigning the FortiToken

Go to User & Device > User Definition and edit the user (rgreen).

Select Enable Two-factor Authentication and select the token created earlier.

Select Add this user to groups and add the user to the captive portal user group (employees).

This recipe is designed for a FortiToken-200 physical key generator. If the user has FortiToken Mobile, the user’s contact information must be included so that the FortiToken code can be sent to the user via Email or SMS.

3. Results

When a user attempts to browse the Internet, they will be redirected to the captive portal login screen.

Members of the FortiToken group must enter their Username and Password, and are then redirected to a screen that requires them to enter their Token Code.

Once the code is successfully entered, the user will be redirected to the URL originally requested.

On the FortiGate, go to Monitor > WiFi Client Monitor to verify that the user is authenticated.
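
The same configuration can be entered from the FortiOS CLI. This is an added example, not part of the original recipe. It assumes the user rgreen and the group employees from the steps above already exist, and the serial number shown is a placeholder for the one printed on your token.

```fortios
# Step 1: register the hard token.
# FTK200XXXXXXXXXX is a placeholder; the serial number is case sensitive.
config user fortitoken
    edit "FTK200XXXXXXXXXX"
    next
end

# Step 2: enable two-factor authentication for the user and bind the token.
config user local
    edit "rgreen"
        set two-factor fortitoken
        set fortitoken "FTK200XXXXXXXXXX"
    next
end

# Step 2 (continued): add the user to the captive portal user group.
# "append" keeps the existing members; "set member" would replace the list.
config user group
    edit "employees"
        append member "rgreen"
    next
end

# Step 3: after the user logs in through the portal, list authenticated users.
diagnose firewall auth list
```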
Adam Bristow

Technical Writer at Fortinet

In step 1, note that the serial number, located on the back of the FortiToken device, is case sensitive and must not have been used previously.

In step 3, retrieve the token code by pressing the button on the FortiToken device.
