EMS Administration Guide

Configuring user accounts

You can configure Windows and LDAP users to have no access or administrator access to FortiClient EMS. You can also create a new user account in EMS.

EMS derives the Windows users from the host server that it is installed on. If you want to add more Windows users, you must add them to the host server. EMS derives the list of LDAP users from those in the Active Directory (AD) domain imported into FortiClient EMS. If you want to add more LDAP users, they must already exist in the AD domain configured as the user server.

To configure Windows and LDAP user accounts:
  1. Go to Administration > Administrators.
  2. Click the Add button.
  3. Under User source, select Choose from Windows users or Choose from LDAP.
  4. If you selected Choose from LDAP, select the desired server from the Authentication Server dropdown list. You must have already configured an authentication server. See Adding an AD server.
  5. Click Next.
  6. Configure the user:

    Option | Description
    ------ | -----------
    Username | (New user account only) Enter the desired username.
    User | (Windows/LDAP only) Select the user to configure permissions for.
    Role | Select the desired admin role for this user. See Admin roles.
    Domain Access | Select or add access to a domain for the user. If desired, enable Allow all domains to allow this user access to all domains connected to EMS.
    Restrict Login to Trusted Hosts | When this option is enabled, users can only log into this account from a trusted host machine. In the Trusted Hosts field, enter a trusted host machine's IP address. Use the + button to add multiple trusted host machines.
    Comment | Enter optional comments/information for the Windows/LDAP user.

  7. Click Save.
Note

When an admin user from an AD domain logs into EMS, they must provide the domain name as part of their username to log in successfully. For example, if the domain name is "example-domain" and the username is "admin", the user must enter "example-domain/admin" when logging into EMS.
