Account Groups

The Account Groups are used to group user and device accounts and are assigned at the point of account creation. If no additional account groups are created, then user and device accounts are assigned to the default account group. An Authorization Profile is assigned via the Authorization Policy which may reference an account group as part of its mapping criteria. You can Clone the account group to reuse configurations.

1. Navigate to Network Access Policies > Account Groups and click New.
2. Enter a Name and Description for the account group and configure the following options.
3. Configure the following Authentication Settings for member accounts.

• Maximum concurrent connections - Specify the maximum number of concurrent connections allowed for each member account. A value of 0 implies an unlimited number of concurrent connections.
  Note: FortiGuest enforces this restriction only if Radius Accounting is enabled with interim updates on the NAS server, and the Accounting-interim-update attribute is added in the RADIUS client.
  
• Maximum failed authentications - Specify the maximum number of failed authentication attempts allowed for each member account. A value of 0 implies an unlimited number of failed authentication attempts.
• Allow password change - Select to allow member accounts to modify the configured passwords.
• Require password change - Select to mandate password changes for member accounts.
  Note: Password change is not applicable on external user accounts. The account passwords should be reset on the respective database.
  

Specify the Maximum number of different devices a user can register, that is, the maximum number of different devices a user can register for guest portal access. A value of 0 implies an unlimited number of device registrations.