EMS Administration Guide

Configuring user accounts

You can configure Windows and LDAP users to have no access or administrator access to FortiClient EMS. You can also create a new user account in EMS.

EMS derives the Windows users from the host server that it is installed on. If you want to add more Windows users, you must add them to the host server. EMS derives the list of LDAP users from those in the Active Directory (AD) domain imported into FortiClient EMS. If you want to add more LDAP users, they must already exist in the AD domain configured as the user server.

To configure Windows and LDAP user accounts:
  1. Go to Administration > Administrators.
  2. Click the Add button.
  3. Under User source, select Choose from Windows users or Choose from LDAP.
  4. If you selected Choose from LDAP, do the following to connect to a new LDAP server:
    1. Configure the following:

      | Option | Description |
      | --- | --- |
      | IP address/Hostname | Enter the user server IP address or name. |
      | Port | Enter the port for EMS to use to connect to the user server. |
      | Distinguished name | Enter the user server distinguished name (DN). You must use only capital letters when configuring the DN. |
      | Bind type | Select Simple, Anonymous, or Regular for the bind type. |
      | Username | Appears only when the Regular bind type is selected. Enter the username. |
      | Password | Appears only when the Regular bind type is selected. Enter the password. |
      | Show Password | Show the password. |
      | LDAPS connection | Enable LDAPS connection. |

    2. Click Test to check the LDAP server settings.
  5. Click Next.
  6. Configure the permissions:

    | Option | Description |
    | --- | --- |
    | Username | (New user account only) Enter the desired username. |
    | User | (Windows/LDAP only) Select the user to configure permissions for. |
    | Role | Select the desired admin role for this user. See Admin roles. |
    | Domain Access | Select or add access to a domain for the Windows/LDAP user. |
    | Restrict Login to Trusted Hosts | When this option is enabled, users can only log into this account from a trusted host machine. In the Trusted Hosts field, enter a trusted host machine's IP address. Use the + button to add multiple trusted host machines. |
    | Comment | Enter optional comments/information for the Windows/LDAP user. |

  7. Click Save.
Note

When an admin user from an AD domain logs into EMS, they must provide the domain name as part of their username to log in successfully. For example, if the domain name is "example-domain" and the username is "admin", the user must enter "example-domain/admin" when logging into EMS.
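
A pre-flight review of the values entered in steps 4 and 6, as an added example that is not Fortinet code and does not call any EMS API; the dictionary keys, the sample entries and the service account name are assumptions made for illustration. It checks the capitals-only DN rule and the Regular bind fields from the option lists above, confirms that Trusted Hosts entries are IP addresses, and flags an Anonymous bind or a disabled LDAPS connection.

```python
import ipaddress
# Constructed sample entries; every name and value here is illustrative.
WEAK = {"port": 389, "distinguished_name": "dc=example,dc=com",
        "bind_type": "Anonymous", "ldaps": False}
HARDENED = {"port": 636, "distinguished_name": "DC=EXAMPLE,DC=COM",
            "bind_type": "Regular", "username": "svc-ems-ldap",
            "password": "<from-secret-store>", "ldaps": True}
ACCOUNT = {"login": "example-domain/admin", "restrict_to_trusted_hosts": True,
           "trusted_hosts": ["192.0.2.10", "jump-host"]}

def review_ldap_settings(s):
    """Return findings for one LDAP server entry; an empty list means clean."""
    findings = []
    dn = s.get("distinguished_name", "")
    if not dn:
        findings.append("DN is empty")
    elif dn != dn.upper():
        findings.append("DN has lowercase letters; the guide requires capitals")
    bind = s.get("bind_type")
    if bind not in ("Simple", "Anonymous", "Regular"):
        findings.append(f"unknown bind type: {bind!r}")
    elif bind == "Anonymous":
        findings.append("Anonymous bind does not authenticate to the directory")
    elif bind == "Regular" and not (s.get("username") and s.get("password")):
        findings.append("Regular bind needs both a username and a password")
    if not s.get("ldaps"):
        findings.append("LDAPS is disabled; enable it so the bind runs over TLS")
    elif s.get("port") == 389:
        # 389 is the conventional plain-LDAP port, not an EMS-specific value.
        findings.append("LDAPS is enabled but the port is 389")
    return findings

def review_trusted_hosts(account):
    """Check the Trusted Hosts entries, which the guide says are IP addresses."""
    if not account.get("restrict_to_trusted_hosts"):
        return ["login is not restricted to trusted hosts"]
    hosts = account.get("trusted_hosts", [])
    findings = [] if hosts else ["restriction enabled but no trusted host listed"]
    for host in hosts:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"trusted host is not an IP address: {host!r}")
    return findings

if __name__ == "__main__":
    for name, entry in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, review_ldap_settings(entry))
    print(ACCOUNT["login"], review_trusted_hosts(ACCOUNT))
```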
