Fortinet white logo
Fortinet white logo

Administration Guide

User & Authentication

User & Authentication

In User & Authentication, you can control network access for different users and devices in your network. FortiGate authentication controls system access by user group. By assigning individual users to the appropriate user groups you can control each user’s access to network resources. You can define local users and peer users on the FortiGate unit. You can also define user accounts on remote authentication servers and connect them to FortiOS.

Caution

When configuring an LDAP connection to an Active Directory server, an administrator must provide Active Directory user credentials.

To secure RADIUS connections, consider using RADSEC over TLS instead. See Configuring a RADSEC client.

You can control network access for different device types in your network by doing the following:

  • Identifying and monitoring the types of devices connecting to your network

  • Using MAC address based access control to allow or deny individual devices

  • Using Telemetry data received from FortiClient endpoints to construct a policy to deny access to endpoints with known vulnerabilities or to quarantine compromised endpoints

The following sections provide information about users and devices:

Community Links

User & Authentication

User & Authentication

In User & Authentication, you can control network access for different users and devices in your network. FortiGate authentication controls system access by user group. By assigning individual users to the appropriate user groups you can control each user’s access to network resources. You can define local users and peer users on the FortiGate unit. You can also define user accounts on remote authentication servers and connect them to FortiOS.

Caution

When configuring an LDAP connection to an Active Directory server, an administrator must provide Active Directory user credentials.

To secure RADIUS connections, consider using RADSEC over TLS instead. See Configuring a RADSEC client.

You can control network access for different device types in your network by doing the following:

  • Identifying and monitoring the types of devices connecting to your network

  • Using MAC address based access control to allow or deny individual devices

  • Using Telemetry data received from FortiClient endpoints to construct a policy to deny access to endpoints with known vulnerabilities or to quarantine compromised endpoints

The following sections provide information about users and devices: