In an effort to enhance the security of your account, the support portal login and authentication process now offers an extra security measure to protect your information.
In an age where a simple password isn’t enough to protect your data from unauthorized access, we are introducing two-factor authentication and new minimal password complexity requirements. This will require all customers to reset their passwords, and will affect those with multiple logins.
We recommend you enable this option as soon as possible so your login credentials and user information are well protected. The answers below address common questions about these changes.
When is the change taking place?
The change in login process is currently scheduled for Saturday November 18th, 2017.
Why is the login process changing?
The login process is being revamped to comply with modern security standards and federal requirements. This includes password complexity rules, password expiration, and two-factor authentication.
How often will I need to change my password?
You will be required to change your password every 90 days.
Am I required to use two-factor authentication?
You are not required to use two-factor authentication; however, it is highly recommended.
What happens if I don’t activate my token?
Your account will become disabled, at which point you will need to re-enable your account and set a new password.
If I request a password reset but do not reset it within the 5-day grace period, what will happen?
The link will become invalid and you will need to request a password reset again. During this time, your existing password will not change.
I received a password reset email that I did not request. What do I do?
If you did not request a password reset email you can safely ignore it. The password reset process requires the owner of the email address to click the link in order to configure a new password.
Note: Anyone who has access to the email address can process a password reset. Please keep this in mind if you are using an email alias that has multiple users who can access it.
What happens if I’m using an invalid email address?
If you are using an invalid email address for your account then you will not be able to complete the password reset process. In order to properly configure your new authentication options, you will need to change your Account ID (email address) to a valid address that you are able to access.
How does this affect me if I’m using a group email alias for our Support Portal login?
If you are using a group email alias for your support account (e.g. fortinetsupport@company.com) that is used by multiple individuals to access our support services, you will need to be wary of enabling two-factor authentication, as a mobile token can only be associated with one device.
Additionally, you will need to be wary of resetting the password as this will impact all users. Finally, if you wish to enable two-factor authentication, it is recommended that you use email to receive your token. This way all users who have access to the alias can log into the support website.
Fortinet recommends that you use an individual account wherever possible in order to ensure the security of your account and to enhance and simplify account management.
How do I enable a disabled account?
When you attempt to log into a deactivated account you will be presented with a Reactivate My Account button. Clicking this button will send an email to your address with a link to initiate the reactivation process.
When you click the link to reactivate the account, it will open a page with an Enable my Account button. Once your account has been reactivated successfully, you can click on the Close button to log in.
Note: If your account was disabled due to your password expiring, you will need to reset your password. You can do this by clicking the Reset Password button provided when reactivating your account.
Can I change my email address?
Yes, you can change the master email address (Account ID) on your account.
Please be aware that if you change your email address, all accounts that are linked to the original Account ID as a sub account will reflect the new email address.
To change your email, follow these steps:
- Sign in with the account you wish to change.
- Click your name in the upper-right corner and select Credentials below User Profile.
- Click on Change Account ID (Email) from the options on the left-hand side menu.
- Enter and re-enter your new email address to confirm the change.
- Click Save to commit your change.
- Once your Account ID has been successfully changed, you will be logged out.
- You will receive an email confirming the Account ID change. Depending on your account, you may need to reset your password before you can gain access to your account.
- Log in with your new email address and password.
- Reconfigure your two-factor authentication settings. You may need to re-provision your FortiToken if necessary.
Note: Please make sure you have access to the email account in question prior to initiating any change.
How complex does my password need to be? What are the minimum password requirements?
Your password must be at least 8 characters in length, and consist of at least 1 upper-case letter, 1 lower-case letter, 1 numeric character, and 1 non-alphanumeric character (e.g. $!#).
I want to enforce two-factor authentication but I don’t own an iPhone or an Android device. What are my options?
We provide email as an alternative to using FortiToken Mobile on your mobile device.
If I choose to enforce two-factor authentication, do I need a FortiToken or can my two-factor authentication security device be from a 3rd Party?
Our portal only supports FortiToken Mobile or email. There is no support for 3rd Party tokens at this time.
Is there a limit to how often I can change my two-factor authentication delivery method?
There is currently no limit. However, every time you change which method you use, it will deprovision the old token and require you to reconfigure your mobile device each time.
How is using one password for all my accounts more secure than separate passwords?
This change provides the ability to apply two-factor authentication for all accounts that you use on our support portal, with minimal configuration changes and easier password management for users with access to multiple accounts.
Is there a time limit to reactivating my account if it has been deactivated?
There is no time limit, and we will not delete or remove your account. Should you wish to access it again in the future, simply follow the typical account reactivation process.
Can I use two-factor authentication with a group alias email?
You cannot use FortiToken Mobile with a group alias, as only one FortiToken Mobile can be assigned per address. You can, however, use email as an option, as all users of the account with this alias should have access to receive the token email.
Does FortiToken Mobile support PUSH notifications?
Yes, FortiToken Mobile 4.0 and above supports PUSH notifications. Please note that PUSH notifications may not work in all countries/regions.
Can I go back to the old login process once I’ve migrated?
You cannot return to the legacy authentication process once you’ve migrated your account.
How do I access my other accounts if I log in with only one username and password?
When you log in, you will be presented with a landing page providing you a list of all available accounts. Simply select the account you wish to access. Once you are in an account you can change which account you are accessing by clicking your profile in the upper right corner and selecting another account from the list.
Which account is selected as the default account when I log in?
There is no default account selected for you; when you log in, you are provided with a landing page that provides a list of accounts that you have access to.
How can I change my email if my account has been blocked and I’m unable to access my email address?
If you have a disabled account and are unable to access your email address at the time, simply contact our customer service team, who will assist you in reactivating your account.
You can contact your local customer service team by visiting this page: https://www.fortinet.com/support-and-training/support/contact.html
Why doesn’t my Partner Portal account have two-factor authentication options?
Our Partner Portal is a different system that interacts with our Support Portal. In order to ensure a smooth process, we are implementing the changes on the primary Support Portal first, with additional portals to follow.
What are the reasons an account would be disabled?
There are several reasons that your account could become disabled:
- Your password has expired.
- You configured two-factor authentication but did not provision your token within the specified timeframe.
- Your account was disabled by Fortinet Customer Service.
- A standard user account has been linked to a Fortinet Partner.
- Your accounts have been merged by Customer Service or your Account ID has been changed on the Support Portal.
The post Fortinet Support Portal Authentication Process Change FAQ appeared first on Fortinet Cookbook.