config system admin
Use this command to configure FortiNDR administrator accounts.
By default, FortiNDR units have a single administrator account named admin. For more granular control over administrative access, you can create additional administrator accounts with more restricted permissions such as being able to configure a specific domain.
Syntax
config system admin edit <name_str> set access-profile <profile_name> set auth-strategy {local | local-plus-radius | ldap | radius} set name <name> set password <password_str> set radius-permission-check {enable | disable} set radius-subtype-id <subtype_int>] set radius-vendor-id <vendor_int> set sshkey <key_str> set status {enable | disable} set theme {Neutrino| Jade | Mariner | Graphite | Melongene | Onyx | Dark_Matter | Eclipse | Cloud_App_Light | Cloud_App_Dark} set trust-hosts <host_ipv4mask> end
Variable |
Description |
Default |
---|---|---|
|
Name of the administrator account. |
|
|
Name of an access profile that determines which functional areas the administrator account may view or affect. |
|
|
Select the local or remote type of authentication that the administrator can use. |
|
|
Name of user. |
|
|
If Do not use an administrator password shorter than six characters. For better security, use a longer password with a complex combination of characters and numbers. Change the password regularly. A weak password might compromise the security of your FortiNDR unit. |
|
|
If |
|
|
If |
|
|
If |
|
|
Enter the SSH key string inside single straight quote marks ('). When connecting from an SSH client that presents this key, administrators do not need to enter the account name and password to log in to the CLI. |
|
|
Enable or disable admin users. |
|
|
Theme of the GUI for this admin. |
|
|
Enter one to three IP addresses and netmasks from which the administrator can log into FortiNDR. Separate each pair of IP address and netmask with a comma (,). To allow the administrator to authenticate from any IP address, enter |
|