Administration Guide

Example secret configurations

To configure an SSH password:
  1. Go to Secrets > Secret List.
  2. In Secret List, select Create.

    The Create New Secret in: dialog appears.

  3. Select the folder where you intend to add the secret.
  4. Select Create Secret.

    The New Secret window opens.

  5. Enter a secret name.
  6. In the Template dropdown, select Unix Account (SSH Password) default template.
  7. In Fields, enter information for the following fields by double-clicking fields:
    1. Host
    2. Username
    3. Password
  8. Click Submit.
To configure an SSH key:
  1. Repeat steps 1 to 4 as shown in Configuring an SSH password.
  2. Enter a secret name.
  3. In the Template dropdown, select Unix Account (SSH Key) default template.
  4. In Fields, enter information for the following fields by double-clicking fields:
    1. Host
    2. Username
    3. Public-key and Private-key:

      Select from the following three options:

      • Upload a key file by selecting File Upload and then clicking Upload to locate and upload the key file from your computer.

      • Select Text Upload and enter the public key in the space below.

      • Select Auto Generated and then select a type of encryption algorithm (RSA, DSA, ECDSA, or ED25519) and the number of Bits to use in the auto-generated key-pair.

      When ED25519 is selected as the encryption algorithm, Bits are not required.

      Using the auto-generated key-pair clears out any existing key-pair.

    4. Passphrase, if any
  5. Ensure that proxy is enabled in the Secret Setting pane.

    An SSH key can only be launched when the secret has Enable Proxy checked.

  6. Click Submit.

    If using an AWS-VM, ensure that RSA Sign Algorithm is set to RSA SHA-256 signing algorithm in the Service Setting tab.
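
A pre-upload check for the File Upload and Text Upload options above, as an added example that is not part of the Fortinet guide or of FortiPAM: it parses an OpenSSH public-key line and reports the algorithm and key size, the property that the Bits setting controls for auto-generated keys. The 2048-bit RSA floor, the function names and the sample keys are assumptions constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed local policy floor, not a FortiPAM setting

def _read_string(blob, offset):
    """Read one RFC 4251 'string': uint32 length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Return (algorithm, bits, findings) for '<type> <base64> [comment]'."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    name, offset = _read_string(blob, 0)
    algo = name.decode("ascii")
    findings = [] if algo == declared else ["declared type does not match key blob"]
    bits = None
    if algo == "ssh-rsa":
        _e, offset = _read_string(blob, offset)   # public exponent
        n, _ = _read_string(blob, offset)         # modulus
        bits = int.from_bytes(n, "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append(f"RSA modulus below {MIN_RSA_BITS} bits")
    elif algo == "ssh-dss":
        p, _ = _read_string(blob, offset)
        bits = int.from_bytes(p, "big").bit_length()
        findings.append("DSA is disabled by default since OpenSSH 7.0")
    elif algo == "ssh-ed25519":
        key, _ = _read_string(blob, offset)
        bits = len(key) * 8  # fixed size, so no Bits value applies
    elif algo.startswith("ecdsa-sha2-"):
        curve, _ = _read_string(blob, offset)     # e.g. b"nistp256"
        bits = int(curve.decode("ascii")[len("nistp"):])
    else:
        findings.append("unrecognised key type")
    return algo, bits, findings

def make_line(algo, *fields):
    """Build a structurally valid but non-functional key line (constructed)."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (algo.encode(), *fields))
    return f"{algo} {base64.b64encode(blob).decode()} constructed@example"

# Constructed samples: a 1024-bit RSA modulus and an all-zero ED25519 key.
WEAK_RSA = make_line("ssh-rsa", b"\x01\x00\x01", b"\x00\x80" + bytes(126) + b"\x01")
ED25519 = make_line("ssh-ed25519", bytes(32))
```
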

To configure a Windows AD-LDAP secret:
  1. Repeat steps 1 to 4 as shown in Configuring an SSH password.
  2. Enter a secret name.
  3. In the Template dropdown, select Windows Domain Account default template.
  4. In Fields, enter information for the following fields by double-clicking fields:
    1. Domain-Controller
    2. Domain
    3. Username
    4. Password
  5. Click Submit.
To configure a Windows Samba secret:
  1. Repeat steps 1 to 4 as shown in Configuring an SSH password.
  2. Enter a secret name.
  3. In the Template dropdown, select Windows Domain Account(Samba).
  4. In Fields, enter information for the following fields by double-clicking fields:
    1. Domain-Controller
    2. Domain
    3. Username
    4. Password
  5. Click Submit.
To configure a Cisco secret:
  1. Repeat steps 1 to 4 as shown in Configuring an SSH password.
  2. Enter a secret name.
  3. In the Template dropdown, select Cisco User (SSH Secret).
  4. In Fields, enter information for the following fields by double-clicking fields:
    1. Host
    2. Username
    3. Password
  5. Click Submit.

    If you need to use the password change feature, create one more secret for the Cisco enable command:

    1. Repeat steps 1 and 2.
    2. In the Template dropdown, select Cisco Enable Secret.
    3. In Fields, enter information for the following fields by double-clicking fields:
      1. Host
      2. Password
    4. Click Submit.
  6. Go to the Service Setting tab for the Cisco secret that was created earlier (steps 1 - 5).
  7. Optionally, enable SSH Auto-Password.
  8. Go to the General tab, and ensure that Associated Secret is enabled.
  9. In the Associated Secret dropdown, select the Cisco enable secret.
  10. Click Save.
To configure an AWS web account secret:
  1. Repeat steps 1 to 4 as shown in Configuring an SSH password.
  2. Enter a secret name.
  3. In the Template dropdown, select AWS Web Account.
  4. In Fields, enter information for the following fields by double-clicking fields:
    1. URL
    2. Username
    3. Password
    4. AccountID: Used for IAM accounts.

      For AWS root accounts, leave this field empty. Otherwise, the web extension treats the secret as an IAM account secret, which affects the login process.

  5. Click Submit.
