Fortinet black logo

EMS Administration Guide

Configuring Windows and LDAP user accounts

Configuring Windows and LDAP user accounts

You can configure Windows and LDAP users to have no access or administrator access to FortiClient EMS.

The Windows users list is derived from the host server on which FortiClient EMS is installed. If you want to add more Windows users, you must add them to the host server. The list of LDAP users is derived from those in the AD domain imported into FortiClient EMS using Administration > User Server. If you want to add more LDAP users, they must already exist in the AD domain configured as the user server.

  1. Go to Administration > Administrators.
  2. Click the Add button.
  3. Under User source, select Choose from LDAP/Windows users. Click Next.
  4. Configure the permissions:

    Option

    Description

    User

    Select the Windows/LDAP user to configure permissions for.

    Role

    Select the desired admin role for this user. See Admin roles.

    Domain Access

    Select or add access to a domain for the Windows/LDAP user.

    Restrict Login to Trusted Hosts

    When this option is enabled, users can only log into this account from a trusted host machine.

    In the Trusted Hosts field, enter a trusted host machine's IP address. Use the + button to add multiple trusted host machines.

    Comment

    Enter optional comments/information for the Windows/LDAP user.

  5. Click Save.
Note

When an admin user from an AD domain logs into EMS, they must provide the domain name as part of their username to log in successfully. For example, if the domain name is "example-domain" and the username is "admin", the user must enter "example-domain/admin" when logging into EMS.

Configuring Windows and LDAP user accounts

You can configure Windows and LDAP users to have no access or administrator access to FortiClient EMS.

The Windows users list is derived from the host server on which FortiClient EMS is installed. If you want to add more Windows users, you must add them to the host server. The list of LDAP users is derived from those in the AD domain imported into FortiClient EMS using Administration > User Server. If you want to add more LDAP users, they must already exist in the AD domain configured as the user server.

  1. Go to Administration > Administrators.
  2. Click the Add button.
  3. Under User source, select Choose from LDAP/Windows users. Click Next.
  4. Configure the permissions:

    Option

    Description

    User

    Select the Windows/LDAP user to configure permissions for.

    Role

    Select the desired admin role for this user. See Admin roles.

    Domain Access

    Select or add access to a domain for the Windows/LDAP user.

    Restrict Login to Trusted Hosts

    When this option is enabled, users can only log into this account from a trusted host machine.

    In the Trusted Hosts field, enter a trusted host machine's IP address. Use the + button to add multiple trusted host machines.

    Comment

    Enter optional comments/information for the Windows/LDAP user.

  5. Click Save.
Note

When an admin user from an AD domain logs into EMS, they must provide the domain name as part of their username to log in successfully. For example, if the domain name is "example-domain" and the username is "admin", the user must enter "example-domain/admin" when logging into EMS.