Fortinet black logo

Administration Guide

Identity Center

Identity Center

The Fabric View > Identity Center pane displays a list of users and endpoints in the network from relevant logs, and correlates them with FortiAnalyzer modules.

The Identity Center is useful for user and endpoint mapping. Some users might use multiple endpoints in the network, endpoints might use multiple different interfaces to connect, network interfaces might have multiple IP addresses, and so on. A map of users and their endpoints gives you better visibility when you analyze logs, events, and incidents. This also helps with your reporting.

To view relevant identity logs directly from the SOC, Log View, and Incidents & Events panes, click the user or endpoint log, then click the Topography link in the pop-up that appears.

This Identity pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules.

Column

Description

User Name

The name of the user.

User Group

The group of user identities. An identity can be a:

  • Local user account (username/password stored on the FortiGate unit)
  • Remote user account (password stored on a RADIUS, LDAP, or TACACS+ server)
  • PKI user account with digital client authentication certificate stored on the FortiGate unit
  • RADIUS, LDAP, or TACACS+ server, optionally specifying particular user groups on that server
  • User group defined on an FSSO server.

Endpoints

Endpoint host name, IP address, or MAC address. A user may be connected to multiple endpoints.

Click the endpoint to display the corresponding user information in the Assets pane.

Social

The user's Name, Picture, Email, Phone Number, and Social if it is available.

Source

The name of device that created the log.

Last Update

The date and time the log was updated.

Use the toolbar to select a Security Fabric, time period, and columns.

Caution

End user information is limited if there is no FortiClient in your installation.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.

To provide a unified experience, you can customize how identity information is displayed, including which fields are displayed, the order, and the priority.

To configure the display settings in the Social column:
  1. Go to Log View >Tools > User Display Preferences.
  2. Select the order preference tab you want to configure.
    Tabs include Name, Picture, Email, Phone Number, and Social.
  3. Rearrange the order preference as per your needs by drag-and-dropping an entry. For names, pictures, emails, and phone numbers, only the top entry will appear in the identity pop-up window.
  4. User information can be disabled by moving the Show toggle to the Off position in the respective tabs.

Identity Center

The Fabric View > Identity Center pane displays a list of users and endpoints in the network from relevant logs, and correlates them with FortiAnalyzer modules.

The Identity Center is useful for user and endpoint mapping. Some users might use multiple endpoints in the network, endpoints might use multiple different interfaces to connect, network interfaces might have multiple IP addresses, and so on. A map of users and their endpoints gives you better visibility when you analyze logs, events, and incidents. This also helps with your reporting.

To view relevant identity logs directly from the SOC, Log View, and Incidents & Events panes, click the user or endpoint log, then click the Topography link in the pop-up that appears.

This Identity pane lists all endpoints and users from relevant logs and correlates them with FortiAnalyzer modules.

Column

Description

User Name

The name of the user.

User Group

The group of user identities. An identity can be a:

  • Local user account (username/password stored on the FortiGate unit)
  • Remote user account (password stored on a RADIUS, LDAP, or TACACS+ server)
  • PKI user account with digital client authentication certificate stored on the FortiGate unit
  • RADIUS, LDAP, or TACACS+ server, optionally specifying particular user groups on that server
  • User group defined on an FSSO server.

Endpoints

Endpoint host name, IP address, or MAC address. A user may be connected to multiple endpoints.

Click the endpoint to display the corresponding user information in the Assets pane.

Social

The user's Name, Picture, Email, Phone Number, and Social if it is available.

Source

The name of device that created the log.

Last Update

The date and time the log was updated.

Use the toolbar to select a Security Fabric, time period, and columns.

Caution

End user information is limited if there is no FortiClient in your installation.

  • Endpoints are detected based on MAC address and displayed by IP address instead of host name.
  • User related information might not be available.
  • Detailed information such as OS version, avatar, and social ID information are not available.

To provide a unified experience, you can customize how identity information is displayed, including which fields are displayed, the order, and the priority.

To configure the display settings in the Social column:
  1. Go to Log View >Tools > User Display Preferences.
  2. Select the order preference tab you want to configure.
    Tabs include Name, Picture, Email, Phone Number, and Social.
  3. Rearrange the order preference as per your needs by drag-and-dropping an entry. For names, pictures, emails, and phone numbers, only the top entry will appear in the identity pop-up window.
  4. User information can be disabled by moving the Show toggle to the Off position in the respective tabs.