Some services can receive information about an authenticated user through RADIUS vendor-specific attributes. FortiAuthenticator user groups and user accounts can include RADIUS attributes for Fortinet and other vendors.
Attributes in user accounts can specify user-related information. For example, the Default attribute Framed-IP-Address specifies the VPN tunnel IP address sent to the user by the Fortinet SSL VPN.
Attributes in user groups can specify more general information, applicable to the whole group. For example, specifying third-party vendor attributes to a switch could enable administrative level login to all members of the Network_Admins group, or authorize the user to the correct privilege level on the system.
- Go to Authentication > User Management > Local Users and select a user account to edit, or go to Authentication > User Management > User Groups and select a group to edit.
- In the RADIUS Attributes section, select Add Attribute. The Create New User Group RADIUS Attribute or Create New User RADIUS Attribute window opens.
- Select the appropriate Vendor and Attribute ID, then enter the attribute’s value in the Value field.
- Select OK to add the new attribute to the user or group.
- Repeat the above steps to add additional attributes as needed.