config user local
Description: Configure local users.
edit <name>
set id {integer}
set status [enable|disable]
set type [password|radius|...]
set passwd {password}
set ldap-server {string}
set radius-server {string}
set tacacs+-server {string}
set two-factor [disable|fortitoken|...]
set fortitoken {string}
set email-to {string}
set sms-server [fortiguard|custom]
set sms-custom-server {string}
set sms-phone {string}
set passwd-policy {string}
set passwd-time {user}
set authtimeout {integer}
set workstation {string}
set auth-concurrent-override [enable|disable]
set auth-concurrent-value {integer}
set ppk-secret {password-3}
set ppk-identity {string}
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
id | User ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
status | Enable/disable allowing the local user to authenticate with the FortiGate unit. enable: Enable user. disable: Disable user. |
option | - |
type | Authentication method. password: Password authentication. radius: RADIUS server authentication. tacacs+: TACACS+ server authentication. ldap: LDAP server authentication. |
option | - |
passwd | User's password. | password | Not Specified |
ldap-server | Name of LDAP server with which the user must authenticate. | string | Maximum length: 35 |
radius-server | Name of RADIUS server with which the user must authenticate. | string | Maximum length: 35 |
tacacs+-server | Name of TACACS+ server with which the user must authenticate. | string | Maximum length: 35 |
two-factor | Enable/disable two-factor authentication. disable: disable fortitoken: FortiToken email: Email authentication code. sms: SMS authentication code. fortitoken-cloud: FortiToken Cloud Service. |
option | - |
fortitoken | Two-factor recipient's FortiToken serial number. | string | Maximum length: 16 |
email-to | Two-factor recipient's email address. | string | Maximum length: 63 |
sms-server | Send SMS through FortiGuard or other external server. fortiguard: Send SMS by FortiGuard. custom: Send SMS by custom server. |
option | - |
sms-custom-server | Two-factor recipient's SMS server. | string | Maximum length: 35 |
sms-phone | Two-factor recipient's mobile phone number. | string | Maximum length: 15 |
passwd-policy | Password policy to apply to this user, as defined in config user password-policy. | string | Maximum length: 35 |
passwd-time | Time of the last password update. | user | Not Specified |
authtimeout | Time in minutes before the authentication timeout for a user is reached. | integer | Minimum value: 0 Maximum value: 1440 |
workstation | Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. | string | Maximum length: 35 |
auth-concurrent-override | Enable/disable overriding the policy-auth-concurrent under config system global. enable: Enable auth-concurrent-override. disable: Disable auth-concurrent-override. |
option | - |
auth-concurrent-value | Maximum number of concurrent logins permitted from the same user. | integer | Minimum value: 0 Maximum value: 100 |
ppk-secret | IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). | password-3 | Not Specified |
ppk-identity | IKEv2 Postquantum Preshared Key Identity. | string | Maximum length: 35 |
config user local
Description: Configure local users.
edit <name>
set id {integer}
set status [enable|disable]
set type [password|radius|...]
set passwd {password}
set ldap-server {string}
set radius-server {string}
set tacacs+-server {string}
set two-factor [disable|fortitoken|...]
set fortitoken {string}
set email-to {string}
set sms-server [fortiguard|custom]
set sms-custom-server {string}
set sms-phone {string}
set passwd-policy {string}
set passwd-time {user}
set authtimeout {integer}
set workstation {string}
set auth-concurrent-override [enable|disable]
set auth-concurrent-value {integer}
set ppk-secret {password-3}
set ppk-identity {string}
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
id | User ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
status | Enable/disable allowing the local user to authenticate with the FortiGate unit. enable: Enable user. disable: Disable user. |
option | - |
type | Authentication method. password: Password authentication. radius: RADIUS server authentication. tacacs+: TACACS+ server authentication. ldap: LDAP server authentication. |
option | - |
passwd | User's password. | password | Not Specified |
ldap-server | Name of LDAP server with which the user must authenticate. | string | Maximum length: 35 |
radius-server | Name of RADIUS server with which the user must authenticate. | string | Maximum length: 35 |
tacacs+-server | Name of TACACS+ server with which the user must authenticate. | string | Maximum length: 35 |
two-factor | Enable/disable two-factor authentication. disable: disable fortitoken: FortiToken email: Email authentication code. sms: SMS authentication code. fortitoken-cloud: FortiToken Cloud Service. |
option | - |
fortitoken | Two-factor recipient's FortiToken serial number. | string | Maximum length: 16 |
email-to | Two-factor recipient's email address. | string | Maximum length: 63 |
sms-server | Send SMS through FortiGuard or other external server. fortiguard: Send SMS by FortiGuard. custom: Send SMS by custom server. |
option | - |
sms-custom-server | Two-factor recipient's SMS server. | string | Maximum length: 35 |
sms-phone | Two-factor recipient's mobile phone number. | string | Maximum length: 15 |
passwd-policy | Password policy to apply to this user, as defined in config user password-policy. | string | Maximum length: 35 |
passwd-time | Time of the last password update. | user | Not Specified |
authtimeout | Time in minutes before the authentication timeout for a user is reached. | integer | Minimum value: 0 Maximum value: 1440 |
workstation | Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. | string | Maximum length: 35 |
auth-concurrent-override | Enable/disable overriding the policy-auth-concurrent under config system global. enable: Enable auth-concurrent-override. disable: Disable auth-concurrent-override. |
option | - |
auth-concurrent-value | Maximum number of concurrent logins permitted from the same user. | integer | Minimum value: 0 Maximum value: 100 |
ppk-secret | IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). | password-3 | Not Specified |
ppk-identity | IKEv2 Postquantum Preshared Key Identity. | string | Maximum length: 35 |