Configuring user accounts
You can configure Windows and LDAP users to have no access or administrator access to FortiClient EMS. You can also create a new user account in EMS.
EMS derives the Windows users from the host server that it is installed on. If you want to add more Windows users, you must add them to the host server. EMS derives the list of LDAP users from those in the Active Directory (AD) domain imported into FortiClient EMS. If you want to add more LDAP users, they must already exist in the AD domain configured as the user server.
To configure Windows and LDAP user accounts:
- Go to Administration > Administrators.
- Click the Add button.
- Under User source, select Choose from Windows users or Choose from LDAP.
- If you selected Choose from LDAP, do the following to connect to a new LDAP server:
  - Configure the following:

    | Option | Description |
    | --- | --- |
    | IP address/Hostname | |
    | Port | Enter the port for EMS to use to connect to the user server. |
    | Distinguished name | Enter the user server distinguished name (DN). You must use only capital letters when configuring the DN. |
    | Bind type | Select Simple, Anonymous, or Regular for the bind type. |
    | Username | Appears only when you select the Regular bind type. Enter the username. |
    | Password | Appears only when you select the Regular bind type. Enter the password. |
    | Show Password | Show the password. |
    | LDAPS connection | Enable LDAPS connection. |

  - Click Test to check the LDAP server settings.
- Configure the following:
- Click Next.
- Configure the permissions:

  | Option | Description |
  | --- | --- |
  | Username | (New user account only) Enter the desired username. |
  | User | (Windows/LDAP only) Select the user to configure permissions for. |
  | Role | Select the desired admin role for this user. See Admin roles. |
  | Domain Access | Select or add access to a domain for the Windows/LDAP user. |
  | Restrict Login to Trusted Hosts | When this option is enabled, users can only log into this account from a trusted host machine. In the Trusted Hosts field, enter a trusted host machine's IP address. Use the + button to add multiple trusted host machines. |
  | Comment | Enter optional comments/information for the Windows/LDAP user. |

- Click Save.
When an admin user from an AD domain logs into EMS, they must provide the domain name as part of their username to log in successfully. For example, if the domain name is "example-domain" and the username is "admin", the user must enter "example-domain/admin" when logging into EMS.
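
The following added example is not EMS code. It models the two login rules described above, the domain-qualified username and Restrict Login to Trusted Hosts, and lists the accounts that have no trusted-host restriction. The record layout, role string, account names, and IP addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class AdminAccount:
    # Fields mirror the permission options in the table above; the record
    # layout is an assumption, not an EMS export format.
    username: str
    role: str
    domain: Optional[str] = None            # set for AD (LDAP) users
    restrict_to_trusted_hosts: bool = False
    trusted_hosts: List[str] = field(default_factory=list)


def split_login(login: str) -> Tuple[Optional[str], str]:
    """Split 'example-domain/admin' into ('example-domain', 'admin')."""
    domain, sep, user = login.partition("/")
    return (domain, user) if sep else (None, login)


def login_allowed(account: AdminAccount, login: str, source_ip: str) -> bool:
    """Apply the domain-prefix rule, then the trusted-host rule."""
    domain, user = split_login(login)
    if user != account.username or domain != account.domain:
        return False                        # AD user omitted the domain, or wrong user
    if not account.restrict_to_trusted_hosts:
        return True                         # no source restriction configured
    src = ipaddress.ip_address(source_ip)
    return any(src == ipaddress.ip_address(h) for h in account.trusted_hosts)


def unrestricted(accounts: List[AdminAccount]) -> List[str]:
    """Accounts that can log in from any host: candidates for review."""
    return [a.username for a in accounts if not a.restrict_to_trusted_hosts]


# Constructed sample accounts (documentation-range IP addresses).
ACCOUNTS = [
    AdminAccount("admin", "example-role", domain="example-domain",
                 restrict_to_trusted_hosts=True,
                 trusted_hosts=["192.0.2.10", "192.0.2.11"]),
    AdminAccount("localadmin", "example-role"),
]

if __name__ == "__main__":
    print(login_allowed(ACCOUNTS[0], "example-domain/admin", "192.0.2.10"))
    print("No trusted-host restriction:", unrestricted(ACCOUNTS))
```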