Administration Guide

Remote authentication server groups

Remote authentication server groups can be used to extend wildcard administrator access. Normally, a wildcard administrator can only be created for a single server. If multiple servers of different types are grouped, a wildcard administrator can be applied to all of the servers in the group.

Multiple servers of the same type can be grouped to act as backups - if one server fails, the administrator can still be authenticated by another server in the group.

To use a server group to authenticate administrators, you must configure the group before configuring the administrator accounts that will use it.

Remote authentication server groups can only be managed using the CLI. For more information, see the FortiAnalyzer CLI Reference.

To create a new remote authentication server group:
  1. Open the admin group command shell:

    config system admin group

  2. Create a new group, or edit an existing group:

    edit <group name>

  3. Add remote authentication servers to the group:

    set member <server name> <server name> ...

  4. Apply your changes:

    end

To edit the servers in a group:
  1. Enter the following CLI commands:

    config system admin group

    edit <group name>

    set member <server name> <server name> ...

    end

    The member list is replaced, not appended to: only the servers listed in the command will be in the group.

To remove all the servers from the group:
  1. Enter the following CLI commands:

    config system admin group

    edit <group name>

    unset member

    end

    All of the servers in the group will be removed.

To delete a group:
  1. Enter the following CLI commands:

    config system admin group

    delete <group name>

    end
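
The following added example (not part of the Fortinet documentation) models the commands above to show what a sequence of changes leaves in each group, and flags groups that end up with fewer than two servers and therefore have no backup. The group and server names are constructed, and the `next` keyword and quoted names are assumed from the usual layout of a configuration dump; server types are not checked.

```python
import shlex

# Constructed sample: an initial configuration followed by a later edit session.
SAMPLE = """
config system admin group
    edit "corp-auth"
        set member "ldap-hq" "radius-hq"
    next
    edit "branch-auth"
        set member "radius-a" "radius-b"
    next
end
config system admin group
    edit "branch-auth"
        set member "radius-c"
end
"""

def apply_admin_group_commands(text, groups=None):
    """Apply 'config system admin group' commands to {group: [servers]}."""
    groups = {} if groups is None else {g: list(m) for g, m in groups.items()}
    in_table, current = False, None
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        cmd, args = tokens[0], tokens[1:]
        if not in_table:
            in_table = tokens == ["config", "system", "admin", "group"]
        elif cmd == "edit" and args:
            current = args[0]
            groups.setdefault(current, [])      # create the group if it is new
        elif cmd == "set" and args[:1] == ["member"] and current is not None:
            groups[current] = args[1:]          # replaces the list, never appends
        elif cmd == "unset" and args == ["member"] and current is not None:
            groups[current] = []                # all servers removed
        elif cmd == "delete" and args:
            groups.pop(args[0], None)
        elif cmd == "next":                     # assumed separator in dumps
            current = None
        elif cmd == "end":
            in_table, current = False, None
    return groups

def groups_without_backup(groups):
    """Groups with fewer than two servers: no second server to fall back on."""
    return sorted(g for g, members in groups.items() if len(members) < 2)

if __name__ == "__main__":
    final = apply_admin_group_commands(SAMPLE)
    print(final, groups_without_backup(final))
```

In the sample, the second session lists only one server for the branch group, so the two servers configured earlier are dropped and the group is reported as having no backup.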
