
Administration Guide

Identity and Account Management (IAM)

FortiAuthenticator allows you to configure IAM users and accounts.

To view IAM users and accounts, go to Authentication > User Management > IAM, and toggle between Users and Accounts.

The IAM users and accounts list provides the following options:

Create New

Select to create an IAM account or user.

Delete

Select to delete the selected IAM accounts or users.

Import

Select to import IAM users.

In the Import IAM Users window, enter information as shown in To create an IAM user.

Edit

Select to edit the selected IAM account.

In the Edit IAM Account window, enter information as shown in To create an IAM account.

To create an IAM account:
  1. Go to Authentication > User Management > IAM.
  2. Select Accounts, and then select Create New.
  3. Enter the following information:

    Account Name

    Enter the account name. The name must be unique among all the IAM accounts.

    Alias

    Enter the alias. This must be unique among all the IAM accounts.

  4. Click OK.

To create an IAM user:
  1. Go to Authentication > User Management > IAM.
  2. Select Users, and then select Create New.
  3. Enter the following information:

    Username

    Enter the username. The name must be unique within the selected IAM account.

    Administrator

    Enable to give this user administrator privileges.

    An administrator can manage users within the same account.

    Account

    From the dropdown, select the account to add this user to.

    Use the pen icon to edit the selected account, + to create a new IAM account, and x to delete the selected IAM account.

    User Type

    Select the user account type, either Local or Remote LDAP.

    Local User

    From the dropdown, select the local user. This option is only available when the User Type is Local.

    Remote LDAP server

    From the dropdown, select the Remote LDAP server. This option is only available when the User Type is Remote LDAP.

    LDAP User

    From the dropdown, select the LDAP user. This option is only available when the User Type is Remote LDAP.

  4. Click OK.
