All users who can log in on Fortinet have Token. We have 15 FortiTokens for the managers who are connected to the VPN and also for those who are connected to the software. It is mobile, not a hard token. That said, I have the hardware token, which is related to the administrator, me, and my assistant. It's used on software and hardware. We use it at an administrator level and at a user level.
Chief Engineer at Hilton Worldwide
Reliable, affordable, and secure
Pros and Cons
- "The deployment is quick and simple."
- "The solution works well. We have nothing to complain about."
What is our primary use case?
What is most valuable?
The solution is great for security. It's for two-factor identification.
It is easy to implement. The deployment is quick and simple.
It is stable and reliable.
The cost isn't too high.
What needs improvement?
The solution works well. We have nothing to complain about.
For how long have I used the solution?
I've been using the solution for five years.
Buyer's Guide
Fortinet FortiToken
March 2025

Learn what your peers think about Fortinet FortiToken. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability is ecellent. I would rate it five out of five. It is reliable, and the performance is good. We do not have any issues at all.
What do I think about the scalability of the solution?
We have 15 FortiTokens.
Which solution did I use previously and why did I switch?
We did not previously use a different solution. This was the first solution we selected.
How was the initial setup?
It is an easy product to implement. From the software or the hardware itself, from the options, we can apply FortiToken for the user and just add the hot token serial number and go.
We only need one person to deploy the solution. I tend to manage it myself.
The deployment takes about 45 minutes for the software. It might take about ten days for the hardware to arrive from Fortigate. After that, I just install the serial key, and everything is done.
What was our ROI?
We have not noted an ROI.
What's my experience with pricing, setup cost, and licensing?
We deal with a subcontractor in Saudi Arabia to pay everything in one bill yearly. Everything is a separate license fee, and we use different Fortinet solutions. However, we pay for everything yearly, all at once.
Generally, it is an affordable product. We do not find it to be overly expensive.
I'd rate it a five out of five in terms of affordability.
Which other solutions did I evaluate?
We did not explore other options. We chose the first option we looked at, FortiToken.
What other advice do I have?
We are not partners. We use it internally in the company. We are end-users. We use a lot of Fortinet products.
Nothing has to be done from the end-user perspective; they just add the username and password, and a code appears on the Fortitoken software or hardware.
I'd rate the solution ten out of ten.
I'd recommend the solution to other users and companies.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Head of computer systems at Indian Institute of Space Science & Technology(IIST)
Offers mobile token-based two-factor authentication (2FA) but management configuration is complex
Pros and Cons
- "The token-based authentication is good and modern aspect."
- "Configuration can be confusing due to the lack of community and context-sensitive help. We've had to rely on technical support, which slows down the setup process."
What is our primary use case?
We're aiming to provide every user with mobile token-based two-factor authentication (2FA) to enhance security.
It's for internal security.
How has it helped my organization?
It aligns well with your overall identity and access management (IAM) strategy.
We already have IAM policies in place, and this tool strengthens them by implementing 2FA.
What is most valuable?
The token-based authentication is good and modern aspect.
What needs improvement?
The management configuration seems a bit complex and could benefit from user guides or better support resources. It could be improved in terms of user-friendliness.
Not like the other FortiGate products. Maybe not many people have a real community for this. The lack of community support is a major concern.
Context-sensitive online support instead of just a general user manual would be very helpful. Currently, clicking "help" on any topic simply directs you to the entire manual.
For how long have I used the solution?
We're currently in the middle of installing it.
What do I think about the stability of the solution?
As it's a virtual machine (VM), we haven't encountered any stability issues so far.
How are customer service and support?
The support itself is good, but it mainly comes through email responses, which can be slow.
Email support is good, but we would appreciate faster response times.
Which solution did I use previously and why did I switch?
We had internal authentication systems but not a product-based system from a security company.
Most of our previous authentication systems were internal. This is the first one that integrates with network and server equipment, and it can even be implemented for SSL. It's the first security system software we've used.
We chose Fortinet FortiToken because it integrates well with our existing Fortinet FortiGate firewall UTM appliance. Since the token is a VM, it doesn't require additional hardware, which would have been an unnecessary expense. In terms of manageability and integration, it seemed like a good fit alongside FortiGate and FortiMail, all from the same Fortinet ecosystem.
How was the initial setup?
It is not very easy to set up and configure 2FA with different needs.
Configuration can be confusing due to the lack of community and context-sensitive help. We've had to rely on technical support, which slows down the setup process.
What was our ROI?
Token's validity is either renewal or perpetual, which determines its return on investment (ROI), which is higher over time. It's not a subscription-based model.
What's my experience with pricing, setup cost, and licensing?
From an Indian perspective, it's definitely costlier. Converted to dollars, it might seem smaller internationally. But commercially in India, it is expensive.
What other advice do I have?
Overall, I would rate the solution a six out of ten because some improvements are required feature-wise. For example, before FortiToken disappears from the mobile phone, it should display our logo, not the FortiToken logo. App customization is needed so users know when FortiToken is implemented. My organization, for instance, would prefer our logo for assurance instead of the FortiToken logo.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Fortinet FortiToken
March 2025

Learn what your peers think about Fortinet FortiToken. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
VP Sales & Research at 2BSecure@MATRIX
Provides a reliable authentication process and a straightforward setup process
Pros and Cons
- "One of the product's most valuable features is its ease of use."
- "They could enhance synchronization with mobile applications, and addressing minor issues with authentication could further improve user experience."
What is our primary use case?
The platform's main use case is to facilitate authentication when connecting outside of the organization, particularly when using Fortinet VPN. It ensures secure access to our network resources, especially when working remotely.
How has it helped my organization?
The primary benefit of using FortiToken is its cost-effectiveness. It provides a reliable authentication solution without requiring significant financial investment.
What is most valuable?
One of the product's most valuable features is its ease of use. The soft token offering simplifies the authentication process, making it convenient for users. Additionally, its straightforward installation and configuration contribute to its value.
What needs improvement?
They could enhance synchronization with mobile applications, and addressing minor issues with authentication could further improve user experience.
For how long have I used the solution?
I've been using FortiToken for about three years now.
What do I think about the stability of the solution?
I rate the product stability an eight out of ten. While it's generally reliable, there have been occasional instances where multiple authentication attempts were required.
What do I think about the scalability of the solution?
Approximately 200 users are currently using FortiToken within our organization. It is scalable, and additional licenses can be easily acquired to accommodate more users as our organization grows.
How was the initial setup?
The initial setup was straightforward. Onboarding and initial testing typically take about a day before the system is fully operational within our organization.
What's my experience with pricing, setup cost, and licensing?
The platform's licensing cost is reasonable for our organization. We opted for a yearly subscription, which aligns well with our budgetary requirements.
What other advice do I have?
FortiToken is integrated with our FortiFirewall and FortiWeb systems. This integration enhances security, especially when employees access organizational resources remotely, such as working from home.
I advise others to consider using the product to explore its token offering for simplified authentication.
I rate it a ten overall. It meets our authentication needs effectively and is a valuable asset to our organization's security infrastructure.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Infrastructure Engineer at Softrobotics
Easy to configure, assign tokens and readily available through our application-based system
Pros and Cons
- "The initial setup is easy. You receive a QR code via email, scan it, and add it. No complicated procedures involved."
- "I would rate the scalability a seven out of ten. The migration issue definitely brings it down a bit."
What is our primary use case?
We only use FortiToken for authentication purposes, like logging into SSL VPN or plugging into firewalls.
What is most valuable?
I like how easy it is to configure and assign tokens. It's readily available through our application-based system.
What needs improvement?
The problem comes when we have to migrate tokens to new phones. There's no backup option or import/export feature, so you have to redo the entire process manually, adding tokens one by one, which is quite tedious.
The migration process is definitely a major area for improvement. Imagine losing your phone and having to set everything up again from scratch and add everything individually.
In future releases, push notifications would be good! Instead of opening the app and entering the token manually, what if we received an approval or denial prompt directly on the phone as a notification? Just a tap to log in, that would be nice.
For how long have I used the solution?
I have been using it for three years now.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten. It's been very reliable for my customers.
What do I think about the scalability of the solution?
I would rate the scalability a seven out of ten. The migration issue definitely brings it down a bit.
Moreover, if FortiToken could improve that, maybe introduce push notifications or even eliminate the need for manually entering token keys, it could easily reach a ten out of ten.
Replacing the token key entry with a simple notification and selection option to accept/deny would be very handy and useful. Now, we have to scroll down and search for the correct FortiToken by name.
I recommend FortiToken for all companies, especially when they connect to sensitive servers. That's why I suggest them to use it.
How are customer service and support?
There haven't been any emergencies, but the response times and everything were good when I needed help.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before FortiToken, I used Okta for authentication. For firewalls and network devices specifically, I recommend FortiToken.
How was the initial setup?
The initial setup is easy. You receive a QR code via email, scan it, and add it. No complicated procedures involved.
The deployment model depends on the customers. We have different customer setups, but most are on-premises, device-based deployments.
What about the implementation team?
We typically require our assistance with deployment. We manage their hardware and infrastructure, so deployment falls under our responsibility.
What's my experience with pricing, setup cost, and licensing?
The pricing is not very high, so I'd rate it around six out of ten, where one is high and ten is low.
Which other solutions did I evaluate?
I can compare it with Microsoft's 365 authentication or other Microsoft authentication solutions, but they have different features.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. I recommend FortiToken to all our clients who purchase Fortinet devices, especially within banking and payment systems.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Manager at Yarix S.r.l.
Provides a strong layer of security through multifactor authentication and seamlessly integrates with various platforms
Pros and Cons
- "I appreciate that it provides comprehensive security. It is tailored to this specific purpose, and it excels in fulfilling this purpose."
- "Maybe the price could be improved, and the integration could be better. But the integration is different from the authenticator side."
What is our primary use case?
The name of the authenticator is from the user's site. It's sufficient for that to provide you with a number when you need to access a protected resource, which is the site. This is two-factor authentication. You have two layers of authentication. The first layer is provided by the name and password, and the second layer is provided by the authenticator.
So you have to be attentive to that when the app prompts you, or at least the app prompts you, which advises you about the directive that someone is attempting to access this technology. And you can confirm by saying yes. It's directly linked to the internal access attempt to the site.
What is most valuable?
I appreciate that it provides comprehensive security. It is tailored to this specific purpose, and it excels in fulfilling this purpose.
On the Fortinet side, it is already well integrated with Android devices, simple devices, and PCs.
What needs improvement?
Maybe the price could be improved, and the integration could be better. But the integration is different from the authenticator side.
For how long have I used the solution?
I have been using this solution for more than three years. We use the latest version as it updates automatically.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten. I haven't encountered any issues with this solution's stability
What do I think about the scalability of the solution?
It is very scalable. It can manage thousands of users. We plan to expand our customer base.
We have around 250 users. We all rely on it for our authentication needs. It's in active operation.
Which solution did I use previously and why did I switch?
We used Fortinet FortiAuthenticator.
How was the initial setup?
From the customer's perspective, the setup is flexible. You have the liberty to configure it according to your preferences. It took minutes to set up.
What about the implementation team?
We can do it in-house. Simply load the installation and compute user, and then you can use it.
The technical personnel involved in deployment and maintenance are developers.
What was our ROI?
The ROI is quite high because the consistent part of it originates from any directive of credentials or end-user passwords. It's a solution that significantly improves the authentication phase. This makes it less likely that a malicious actor would be able to gain unauthorized access to the network and launch the attack.
What's my experience with pricing, setup cost, and licensing?
FortiToken hardware itself does not require a license. However, the FortiAuthenticator software does require a license. The cost of the license depends on the number of users. We pay it on a yearly basis. But you can also find agreements with other options.
There are no additional costs. It is not too expensive.
What other advice do I have?
Overall, I would rate the solution an eight out of ten. I would definitely recommend using the solution. There are not many functionalities. However, it is a great solution for multifactor authentication.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at a tech company with 1-10 employees
Reliable multi-factor authentication solution has been beneficial over the years
Pros and Cons
- "It provides me with the token so that I can do the Multi-Factor Authentication."
- "Overall, I give the product a nine out of ten."
- "I'm not sure if it's already available, however, I wonder if there's an option to have it sent to my email address instead of having it on the mobile app."
- "I'm not sure if it's already available, however, I wonder if there's an option to have it sent to my email address instead of having it on the mobile app."
What is our primary use case?
I am using it with FortiClient so that I can authenticate.
What is most valuable?
It provides me with the token so that I can do the Multi-Factor Authentication. I'm not sure if there's anything more to say about that.
What needs improvement?
I'm not sure if it's already available, however, I wonder if there's an option to have it sent to my email address instead of having it on the mobile app. Currently, I need to carry that single device that is already registered with a token. If I can receive it on email, it would be more flexible.
I'm using other types of authenticators, and some of them provide a code to access the application. I'm not sure if that's already available, as I am not using it at the moment. If it's not there, it could be a nice feature to have optionally.
For how long have I used the solution?
I have used the solution for four years, five years, something like that.
What do I think about the scalability of the solution?
I don't know if scalability is applicable. It's only meant to be doing one thing, to be honest. I've already got, what, three or four tokens, four tokens. It's scalable enough for my purpose.
How are customer service and support?
We get support through a partner, and we've had good support so far. However, it wasn't directly with Fortinet staff.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is simple.
Which other solutions did I evaluate?
I use Microsoft Authenticator as I can incorporate many functions there. With the FortiToken app, it's only compatible with its own tokens. So, I need to use one more app for what I need to do. Authenticator is for everything else, however, for Fortinet, I use only the FortiToken app.
What other advice do I have?
The product is working fine for me after all these years.
Overall, I give the product a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jan 26, 2025
Flag as inappropriateTech Leader at Axians
Has a straightforward integration process and valuable mobile application functionality
Pros and Cons
- "The most valuable feature of the solution is its mobile application. It is particularly beneficial as it eliminates the need for hardware management."
- "I would like to see the product improvements in dynamic VLAN pooling. Specifically, when users are assigned different VLANs based on their SSID, ensuring no unintended lateral traffic between users would enhance security and efficiency."
What is our primary use case?
The primary use cases of Fortinet FortiToken for my customers typically involve adding multi-factor authentication (MFA) for remote access. This is often required for remote workers or external providers. For instance, in industrial environments where external companies provide services, this solution helps manage secure access. Another common use case includes providing an external captive portal and self-registration.
What is most valuable?
The most valuable feature of the solution is its mobile application. It is particularly beneficial as it eliminates the need for hardware management. Users do not have to worry about managing or replacing physical tokens, which can be advantageous if the token is lost or damaged.
What needs improvement?
I would like to see the product improvements in dynamic VLAN pooling. Specifically, when users are assigned different VLANs based on their SSID, ensuring no unintended lateral traffic between users would enhance security and efficiency.
What do I think about the stability of the solution?
Sometimes, SMS messages do not reach recipients correctly due to country-specific limits on SMS character length.
I rate the stability a seven.
What do I think about the scalability of the solution?
The platform easily scales from a few users to thousands by adjusting the licensing and configuration. I rate the scalability an eight.
How are customer service and support?
The support team is generally responsive and helpful, but resolution times can vary.
How was the initial setup?
The initial setup requires understanding the platform's approach, licensing, and the correct version selection based on the customer's context.
The deployment time depends on the functionality required by the customer. I would rate the process as a seven.What's my experience with pricing, setup cost, and licensing?
Although the platform is relatively expensive, it offers significant value. I rate the pricing a nine out of ten.
What other advice do I have?
The critical feature for ensuring secure access is the solution's comprehensive functionality, which secures the user identity of those attempting to connect. The integration of all features collectively ensures high security.
The integration process is relatively straightforward, which is beneficial when deploying the platform. It is often integrated with third-party tools. For example, it can be combined with a management system that handles tokens and supports external keys such as YubiKey for additional multi-factor authentication.
I rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: integrator
Last updated: Aug 25, 2024
Flag as inappropriateAssistant Manager - Information Security & Infrastructure at lankatiles
Very efficient product for multi-factor authentication in corporate environment
Pros and Cons
- "I would rate the overall solution an eight out of ten. The solution is a smart product that anyone can easily access and manage. The solution is a good product for multi-factor authentication and to secure remote authentication in the corporate environment."
- "The solution comes with two firewalls as a bundle. In that bundle, most of the individual users can be assigned to mobile users. However, in cases of technical difficulties, users may accidentally remove the mobile application. In normal scenarios, we get back to the activation key and assign it again."
What is our primary use case?
We are using Fortinet FortiToken for token-based mobile applications.
What needs improvement?
The solution comes with two firewalls as a bundle. In that bundle, most of the individual users can be assigned to mobile users. However, in cases of technical difficulties, users may accidentally remove the mobile application. In normal scenarios, we get back to the activation key and assign it again.
In one instance, we had to call back Fortinet service providers to reactivate the token and access the system. If they could provide a managed portal for the token, then reassigning tokens can be easy.
I would also like to see some mobile-level application update. It would be easy for our team if we can have all the features in one place.
For how long have I used the solution?
I have been using the solution since 2019. We implemented the demo piece for the PED staff and internal staff team. We deployed the solution as a case of factorization since there was a high-risk claim. We needed the solution for our critical business cases.
What do I think about the stability of the solution?
I would give eight out of ten for the stability of the solution.
What do I think about the scalability of the solution?
I would rate the scalability of the solution an eight out of ten. There are about 150 users for the mobile token application in our company.
How are customer service and support?
I would rate the tech support a seven out of ten. I have contacted support only once since 2019– for an activation error message. They resolved the issue within two days.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I have been using Google Authenticator and Microsoft Authenticator. I am happy with FortiToken because it makes it very easy to install and manage tokens.
How was the initial setup?
The setup of Fortinet FortiToken was very easy because the license of the solution was assigned by the vendor. Once initiated, we were able to access the tokens and assign them to the required users.
What's my experience with pricing, setup cost, and licensing?
I would rate the pricing as an eight out of ten. We purchased the solution at a reasonable price in 2019.
What other advice do I have?
I would rate the overall solution an eight out of ten. The solution is a smart product that anyone can easily access and manage. The solution is a good product for multi-factor authentication and to secure remote authentication in the corporate environment.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Buyer's Guide
Download our free Fortinet FortiToken Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Authentication SystemsPopular Comparisons
Microsoft Entra ID
Okta Workforce Identity
Fortinet FortiAuthenticator
Cisco Duo
Yubico YubiKey
RSA SecurID
Thales Authenticators
UserLock
Entrust Identity Enterprise
RSA Authentication Manager
Buyer's Guide
Download our free Fortinet FortiToken Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- How does Microsoft Authenticator compare with Forinet FortiToken?
- When evaluating Authentication Systems, what aspect do you think is the most important to look for?
- Why is Authentication Systems important for companies?
- Which front-end product for authorization and authentication into an Apache Web Server application, PIXIA, would you recommend?
- What is the difference between SPML and SAML?
- How would you compare Cisco Duo Security with other Authentication Systems products?
- What is CAPTCHA and how does it work? How can you use it for Artificial Intelligence (AI)?
- What are some alternatives for UserLock?