Fortinet Document Library

Administrators

The Administrators menu allows you to configure administrator user accounts.

A user whose Admin Profile does not have Read/Write privilege under System > Admin access can only view and edit their own account information.

The following options are available:

Create New

Select to create a new administrator account.

Edit

Select an administrator account from the list and select Edit in the toolbar to edit the entry.

Delete

Select an administrator account from the list and select Delete in the toolbar to delete the entry.

Test Login

Select an LDAP/RADIUS administrator account from the list and select Test Login to test the user's login settings. If an error occurs, a detailed debug message is displayed.

The following information is displayed:

Name

Displays the administrator account name.

Type

The administrator type:

  • Local
  • LDAP
  • RADIUS

Profile

The Admin Profile the user belongs to.

To create a new user:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select + Create New from the toolbar.
  3. Configure the following:

    Administrator

    Enter a name for the new administrator account. The administrator name must be 1 to 30 characters long and may only contain upper-case letters, lower-case letters, numbers, and the underscore character _.

    Password

    Enter a password for the account. The password must be 6 to 64 characters long and may contain upper-case letters, lower-case letters, numbers, and special characters.

    This field is available when Type is set to Local.

    Confirm Password

    Confirm the password for the account.

    This field is available when Type is set to Local.

    Type

    Select either Local, LDAP, or RADIUS.

    LDAP Server

    When Type is LDAP, select the LDAP server from the drop-down list. For information on creating an LDAP server, see LDAP Servers.

    RADIUS Server

    When Type is RADIUS, select the RADIUS server from the drop-down list. For information on creating a RADIUS server, see RADIUS Servers.

    Admin Profile

    Select the Admin Profile the user belongs to.

    Trusted Host 1, Trusted Host 2, Trusted Host 3

    Enter up to three IPv4 trusted hosts. Only users from trusted hosts can access FortiDeceptor.

    Trusted IPv6 Host 1, Trusted IPv6 Host 2, Trusted IPv6 Host 3

    Enter up to three IPv6 trusted hosts. Only users from trusted hosts can access FortiDeceptor.

    Comments

    Enter an optional description comment for the administrator account.

    Setting trusted hosts for an administrator limits which computers that administrator can use to log in to the FortiDeceptor unit. When you identify a trusted host, the FortiDeceptor unit only accepts the administrator's login from the configured IP address or subnet. Any attempt to log in with the same credentials from any other IP address or subnet is dropped.

  4. Select OK to create the new user.
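The field rules and trusted-host behaviour from step 3 can be checked against a planned account before it is entered in the GUI. The following Python is an added example, not Fortinet code: `check_account`, `login_source_allowed` and the sample addresses are hypothetical, and it assumes that an account with no trusted hosts configured is not restricted by source address.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_]{1,30}")  # documented administrator name rule
MAX_HOSTS_PER_FAMILY = 3                      # Trusted Host 1-3 / Trusted IPv6 Host 1-3

# Constructed sample entries (documentation address ranges), not from the page.
SAMPLE_HOSTS = ["192.0.2.10", "198.51.100.0/24", "2001:db8:10::/64"]


def check_account(name, account_type, password=None, trusted_hosts=()):
    """Return a list of problems with a planned account (empty list means OK)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: must be 1-30 letters, digits or underscores")
    if account_type not in ("Local", "LDAP", "RADIUS"):
        problems.append("type: must be Local, LDAP or RADIUS")
    # The password fields only apply when Type is Local.
    if account_type == "Local" and not (password and 6 <= len(password) <= 64):
        problems.append("password: must be 6-64 characters")
    per_family = {4: 0, 6: 0}
    for entry in trusted_hosts:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"trusted host {entry!r}: not an IP address or subnet")
            continue
        per_family[net.version] += 1
        if net.prefixlen == 0:
            # A /0 entry matches every address, so it restricts nothing.
            problems.append(f"trusted host {entry!r}: matches every address")
    for version, count in per_family.items():
        if count > MAX_HOSTS_PER_FAMILY:
            problems.append(f"IPv{version}: {count} trusted hosts, limit is 3")
    return problems


def login_source_allowed(source_ip, trusted_hosts):
    """Model of the documented rule: accept only a configured address or subnet."""
    if not trusted_hosts:
        return True  # assumption: no trusted hosts configured means no restriction
    addr = ipaddress.ip_address(source_ip)
    # Membership is always False when address and network families differ.
    return any(addr in ipaddress.ip_network(h, strict=False) for h in trusted_hosts)
```

Running `login_source_allowed` over the management workstations' addresses before saving the account shows which of them would be locked out by the planned trusted-host entries.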

To edit a user account:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select the name of the user you would like to edit and select Edit from the toolbar.
  3. Edit the account as required and then re-type the new password in the confirmation field.
  4. Click OK to apply the changes.

When editing the admin account, you will be required to type the old password before you can set a new password.

Only the admin user can edit its own settings.

To delete one or more user accounts:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select the user account you want to delete.
  3. Select Delete from the toolbar.
  4. Select Yes, I'm sure in the confirmation page to delete the selected user or users.

To test LDAP/RADIUS logins:
  1. Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
  2. Select an LDAP/RADIUS user to test.
  3. Select Test Login from the toolbar.
  4. In the dialog box, enter the user's password.
  5. Click OK.

    If an error occurs, a detailed debug message will appear.

When a remote RADIUS server is configured for two-factor authentication, RADIUS users must enter a FortiToken PIN code or the code from email/SMS to complete login. For example, after the user clicks Login, the user must enter the code and click Submit to complete the login.

A PIN code is also needed on the test login page.
