Fortinet black logo

Administration Guide

Home FortiEDR/XDR 5.2.0 Administration Guide
5.2.0
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0

Users

Users

The USERS option specifies who is allowed to use the FortiEDR Central Manager console. During installation of the FortiEDR Central Manager, you must specify the user name and password of the first FortiEDR Central Manager console user. This is the only user who can log in to the FortiEDR Central Manager console for the first time.

To add a user:
  1. Click the Add User button ().
  2. Fill in the displayed window.

  3. Define this user’s password. Make sure to remember it and notify the user about this password.
  4. Select the user’s role. The system comes with three predefined user roles:
    • Admin: Is the highest-level super user that can perform all operations in the FortiEDR Central Manager console for all organizations. This role can create users for any organization. For more details, see Multi-tenancy (organizations).
    • Local Admin: Is a super user that can perform all operations in the FortiEDR Central Manager console only for its own organization. Typically, the Local Administrator sets up the users for its organization. This role can only create users for its own organization.
    • User: This user is allowed to view all information and to perform actions, such as to mark security events as handled, change policies and define Exceptions. This user is very similar to the Local Administrator. However, this user cannot access the ADMINISTRATION tab, which is described in this chapter.

      • Note

      When upgrading FortiEDR from a version prior to 3.0, all administrators in the previous FortiEDR version are automatically assigned Administrator and Local Administrator privileges. You can decide whether to leave each such administrator with both sets of privileges, or to only assign them the Local Administrator role.

  5. Check the Require two-factor authentication for this user checkbox if you want to require two-factor authentication for the user. When checked, this user must be authenticated using two-factor authentication in order to log in. For more details about two-factor authentication in FortiEDR, see Two-factor authentication.
  6. The FortiEDRConnect checkbox is one of the settings that enables the FortiEDR Connect feature. The FortiEDR Connect feature opens a console that provides direct access to FortiEDR-protected device that is running a Windows operating system through a remote Shell connection, as described in FortiEDR Connect. This enables you to respond to incidents immediately and to perform in-depth investigation by running commands on the device, running scripts on the device, collecting and downloading forensic data from the device, remediating threats and so on. The Allow FortiEDR Connect – Remote Shell Connection checkbox must be selected in order to use the FortiEDR Connect feature. Otherwise, the Connect to Device button is deactivated.
  7. Click Save.
Previous
Next

Users

The USERS option specifies who is allowed to use the FortiEDR Central Manager console. During installation of the FortiEDR Central Manager, you must specify the user name and password of the first FortiEDR Central Manager console user. This is the only user who can log in to the FortiEDR Central Manager console for the first time.

To add a user:
  1. Click the Add User button ().
  2. Fill in the displayed window.

  3. Define this user’s password. Make sure to remember it and notify the user about this password.
  4. Select the user’s role. The system comes with three predefined user roles:
    • Admin: Is the highest-level super user that can perform all operations in the FortiEDR Central Manager console for all organizations. This role can create users for any organization. For more details, see Multi-tenancy (organizations).
    • Local Admin: Is a super user that can perform all operations in the FortiEDR Central Manager console only for its own organization. Typically, the Local Administrator sets up the users for its organization. This role can only create users for its own organization.
    • User: This user is allowed to view all information and to perform actions, such as to mark security events as handled, change policies and define Exceptions. This user is very similar to the Local Administrator. However, this user cannot access the ADMINISTRATION tab, which is described in this chapter.

      • Note

      When upgrading FortiEDR from a version prior to 3.0, all administrators in the previous FortiEDR version are automatically assigned Administrator and Local Administrator privileges. You can decide whether to leave each such administrator with both sets of privileges, or to only assign them the Local Administrator role.

  5. Check the Require two-factor authentication for this user checkbox if you want to require two-factor authentication for the user. When checked, this user must be authenticated using two-factor authentication in order to log in. For more details about two-factor authentication in FortiEDR, see Two-factor authentication.
  6. The FortiEDRConnect checkbox is one of the settings that enables the FortiEDR Connect feature. The FortiEDR Connect feature opens a console that provides direct access to FortiEDR-protected device that is running a Windows operating system through a remote Shell connection, as described in FortiEDR Connect. This enables you to respond to incidents immediately and to perform in-depth investigation by running commands on the device, running scripts on the device, collecting and downloading forensic data from the device, remediating threats and so on. The Allow FortiEDR Connect – Remote Shell Connection checkbox must be selected in order to use the FortiEDR Connect feature. Otherwise, the Connect to Device button is deactivated.
  7. Click Save.
Previous
Next