Administration Guide

Creating a target

To create a secret target:
  1. Go to Secrets > Target List.
  2. Select +Create.

    The New Secret Target window opens to the General tab.

  3. Select Permission from the top to switch to the Permission tab.

  4. Enter the following information:

    General

    Name

    Name of the target.

    Classification Tag

    From the dropdown, select a classification tag.

    Default Template

    From the dropdown, select a secret template.

    The secret template must include a Target-Address, Domain, or URL field to be included in the dropdown list.

    Caution

    If the Default Template is changed after the target has been assigned to a secret, the Template will not change in the secret. The related secret(s) must be updated, as needed.

    See Creating a secret.

    Target-Address

    The target address.

    This option is only available when the Target-Address field type is included in the selected Default Template. If the field is mandatory, it must be included when configuring the target.

    Domain

    The domain for the server.

    This option is only available when the Domain field type is included in the selected Default Template. If the field is mandatory, it must be included when configuring the target.

    Common Name

    The user ID in the LDAP server. The default is sAMAccountName.

    This option is only available after entering a Domain.

    DN Search Base

    The distinguished name search base in the LDAP server. The default is "CN=users, DC=A, DC=B, DC=C" for A.B.C domain.

    This option is only available after entering a Domain.

    LDAPS Minimum SSL Version

    From the dropdown, select the minimum SSL version. The default is Follow system global setting.

    This option is only available after entering a Domain.

    LDAPS Port

    The server port. The default is 636.

    This option is only available after entering a Domain.

    WinRM HTTPS

    Enable or disable Windows Remote Management (WinRM) over HTTPS.

    URL

    The URL for the target.

    This option is only available when the URL field type is included in the selected Default Template. If the field is mandatory, it must be included when configuring the target.

    Description

    A description for the target.
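The field rules stated above (a template only appears in the Default Template dropdown when it carries a Target-Address, Domain or URL field; mandatory addressing fields must be filled; the LDAP options and their defaults appear only once a Domain is entered; the Advanced Web Setting pane appears only once the URL is populated) are easy to get wrong when targets are created by script rather than through the GUI. The following is an added example, not FortiPAM code, that models those rules so they can be checked before a target is submitted. The `template` and `target` object shapes, the property names and the sample values are assumptions made for this example.

```javascript
// Added example (not FortiPAM code): a model of the secret-target field rules
// described in the General tab. Object shapes and property names are assumptions.

// Field types that make a template eligible for the Default Template dropdown.
const ADDRESSING_FIELDS = ["Target-Address", "Domain", "URL"];

// A template is listed in the Default Template dropdown only if it carries at
// least one of the addressing field types.
function templateIsEligible(template) {
  return template.fields.some(f => ADDRESSING_FIELDS.includes(f.type));
}

// Defaults the page gives for the LDAP options that become available once a
// Domain has been entered. The DN search base is derived from the domain as
// "CN=users, DC=A, DC=B, DC=C" for domain A.B.C.
function ldapDefaults(domain) {
  const dcParts = domain.split(".").map(part => "DC=" + part).join(", ");
  return {
    commonName: "sAMAccountName",
    dnSearchBase: "CN=users, " + dcParts,
    ldapsMinSslVersion: "Follow system global setting",
    ldapsPort: 636,
  };
}

// Checks a target against its Default Template:
//  - the template must be eligible at all,
//  - every mandatory addressing field in the template must be filled,
//  - an addressing field may only be set when its type is in the template.
function validateTarget(target, template) {
  const errors = [];
  if (!templateIsEligible(template)) {
    errors.push("template has no Target-Address, Domain, or URL field");
  }
  for (const f of template.fields) {
    if (ADDRESSING_FIELDS.includes(f.type) && f.mandatory && !target[f.type]) {
      errors.push(`mandatory field ${f.type} is empty`);
    }
  }
  for (const key of ADDRESSING_FIELDS) {
    if (target[key] && !template.fields.some(f => f.type === key)) {
      errors.push(`${key} is not available: the template has no ${key} field`);
    }
  }
  return errors;
}

// Applies the availability rules and fills in LDAP defaults for anything the
// caller did not override (constructed behaviour; the GUI does this implicitly).
function resolveTarget(target, template) {
  const errors = validateTarget(target, template);
  if (errors.length > 0) return { ok: false, errors };
  const resolved = { ...target };
  if (target.Domain) {
    resolved.ldap = { ...ldapDefaults(target.Domain), ...(target.ldap || {}) };
  }
  // The Advanced Web Setting pane only exists once the URL is populated.
  resolved.advancedWebSettingAvailable = Boolean(target.URL);
  return { ok: true, target: resolved };
}

// Constructed sample template and target (not from the page).
const sampleTemplate = {
  name: "web-login-with-ldap",
  fields: [{ type: "URL", mandatory: true }, { type: "Domain", mandatory: false }],
};
const sampleTarget = {
  Name: "hr-portal",
  URL: "https://hr.corp.example.com/",
  Domain: "corp.example.com",
  ldap: { ldapsPort: 3269 }, // explicit override of the 636 default
};

console.log(JSON.stringify(resolveTarget(sampleTarget, sampleTemplate), null, 2));
```

Running the block prints the resolved target, with `dnSearchBase` derived from the domain and the overridden LDAPS port kept. Note that the validation only covers the rules the page states; it does not reproduce any server-side checks FortiPAM itself performs.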

    Advanced Web Setting

    These settings are only available in the General tab when the URL option is populated.

    The following shows a configured Advanced Web Setting pane.

    Web Proxy

    Enable or disable a web proxy for the target.

    When accessing a target using the FortiPAM browser extension, the browser extension sends the browser requests through the FortiPAM web proxy. FortiPAM dynamically operates on the web browser tab's PAC rule (on Google Chrome and Microsoft Edge) to successfully proxy the traffic to FortiPAM based on the configured domain. On Mozilla Firefox, FortiPAM sends the request to the web proxy instead.

    FortiPAM scans the incoming web traffic and can replace the password.

    Using web proxy, you do not require FortiClient to launch the proxied web account secret.

    To enable the web proxy feature, you must first enable the feature globally for the interface that handles incoming and outgoing traffic using the following CLI commands:

    config system interface
     edit "port1"
      set explicit-web-proxy enable #must be enabled
     next
    end

    Alternatively, you can enable the feature by enabling Explicit web proxy for the interface that handles incoming and outgoing traffic. See Creating an interface.

    Notes:

    • The option is disabled by default.

    • The Web Proxy setting is inherited by the secret using the target. See Creating a secret.

    For more information on the web proxy feature, see Web proxy.

    Replace Web Credential

    Enable to replace the website authentication credential. Disable to keep the website credential. The default is disabled.

    Authentication URL

    Enable and enter the website authentication URL.

    Note: You can enter the authentication URL to prevent deep scanning of all the requests.

    Domain List

    Enable to create a domain list.

    Access Mode

    Select Direct or Proxy for the domain access mode.

    IP Mask List

    Click + to add a domain to the list. Enter the IP mask.

    Click x to delete a domain from the list.

    FQDN List

    Click + to add a domain to the list. Enter the fully qualified domain name.

    Click x to delete a domain from the list.
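The Web Proxy, Domain List, Access Mode, IP Mask List, FQDN List and Authentication URL settings together decide which browser requests are routed through the FortiPAM web proxy (where the credential can be replaced) and which of those requests are deep-scanned. Because the page describes this in terms of the browser tab's PAC rule, the following added example models the decision as a PAC-style `FindProxyForURL` function. It is not FortiPAM's own PAC rule, which the page does not show: the proxy endpoint, the sample target, the treatment of hosts that are not on the Domain List (they get the opposite of the list's Access Mode), the treatment of a disabled Domain List (only the target URL's own host is proxied) and the Authentication URL comparison (origin and path, query ignored) are all assumptions.

```javascript
// Added example (not FortiPAM's PAC rule): a PAC-style model of the Domain List
// and Authentication URL settings on this page. Unlisted-host handling, the
// disabled-list case and the auth-URL comparison are assumptions.

// Assumed placeholder for the FortiPAM web proxy endpoint the browser is pointed at.
const FORTIPAM_PROXY = "PROXY fortipam.example.internal:8080";

const IPV4_RE = /^\d{1,3}(\.\d{1,3}){3}$/;

// "10.20.30.40" -> unsigned 32-bit integer.
function ipToInt(ip) {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

// Accepts "a.b.c.d", "a.b.c.d/nn" or "a.b.c.d/m.m.m.m" (an IP Mask List entry)
// and returns the network base address and mask as unsigned integers.
function parseIpMask(entry) {
  const [addr, maskPart] = entry.split("/");
  let mask;
  if (maskPart === undefined) {
    mask = 0xffffffff;
  } else if (maskPart.includes(".")) {
    mask = ipToInt(maskPart);
  } else {
    const bits = Number(maskPart);
    mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  }
  return { base: (ipToInt(addr) & mask) >>> 0, mask };
}

// True when the host is covered by the IP Mask List (IPv4 literal hosts) or the
// FQDN List (an entry matches itself and its subdomains).
function hostInDomainList(host, domainList) {
  if (IPV4_RE.test(host)) {
    const h = ipToInt(host);
    return domainList.ipMaskList.some(entry => {
      const { base, mask } = parseIpMask(entry);
      return ((h & mask) >>> 0) === base;
    });
  }
  const lower = host.toLowerCase();
  return domainList.fqdnList.some(fqdn => {
    const entry = fqdn.toLowerCase();
    return lower === entry || lower.endsWith("." + entry);
  });
}

// PAC-style decision for one request against one target's web settings.
function findProxyForUrl(url, target) {
  if (!target.webProxy) return "DIRECT"; // Web Proxy disabled: nothing is proxied
  const host = new URL(url).hostname;
  if (!target.domainList.enabled) {
    // Assumption: with no Domain List, only the target URL's own host is proxied.
    return host === new URL(target.URL).hostname ? FORTIPAM_PROXY : "DIRECT";
  }
  const listedMode = target.domainList.accessMode === "Direct" ? "DIRECT" : FORTIPAM_PROXY;
  const unlistedMode = listedMode === "DIRECT" ? FORTIPAM_PROXY : "DIRECT"; // assumption
  return hostInDomainList(host, target.domainList) ? listedMode : unlistedMode;
}

// True when FortiPAM would deep-scan this request to replace the credential:
// the request must be proxied, Replace Web Credential must be enabled, and if an
// Authentication URL is set only that URL is scanned (origin + path; assumption).
function replacesCredential(url, target) {
  if (findProxyForUrl(url, target) === "DIRECT") return false; // never reaches FortiPAM
  if (!target.replaceWebCredential) return false;
  if (!target.authenticationUrl) return true; // no auth URL: every proxied request is scanned
  const req = new URL(url);
  const auth = new URL(target.authenticationUrl);
  return req.origin === auth.origin && req.pathname === auth.pathname;
}

// Constructed sample target (not from the page).
const sampleTarget = {
  name: "intranet-portal",
  URL: "https://portal.example.internal/",
  webProxy: true,
  replaceWebCredential: true,
  authenticationUrl: "https://portal.example.internal/login",
  domainList: {
    enabled: true,
    accessMode: "Proxy",
    ipMaskList: ["10.20.0.0/16"],
    fqdnList: ["portal.example.internal"],
  },
};

for (const u of [
  "https://portal.example.internal/login?next=/",
  "https://sso.portal.example.internal/",
  "http://10.20.5.7/",
  "https://www.example.com/",
]) {
  console.log(u, "->", findProxyForUrl(u, sampleTarget), "| replaces credential:", replacesCredential(u, sampleTarget));
}
```

The model makes the operational trade-off visible: a list that is too narrow sends the login request `DIRECT`, so FortiPAM never sees it and the password is never replaced; a list that is too broad (or an Authentication URL left empty) routes and deep-scans unrelated traffic through the proxy. Setting the Authentication URL limits deep scanning to the one request that actually carries the credential.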

    Permission

    Access

    Target accessible to:

    • Everyone: All users have Read/Write permission for templates (default).

    • Customized: A user permission and a group permission table must be configured.

    User Permission

    The level of user access to the template. See User Permission.

    The option is only available when Access is set to Customized.

    For column settings, see Tables.

    Group Permission

    The level of user group access to the template. See Group Permission.

    The option is only available when Access is set to Customized.

    For column settings, see Tables.

User Permission

  1. When creating a secret target, select Create in User Permission.

    The New User Permission window opens.

  2. Enter the following information:

    Users

    Select + and from the list, select users in the Select Entries window.

    To add a new user:
    1. From the Select Entries window, select Create and then select +User List.

      The New User List wizard opens.

    2. Follow the steps in Creating a user, starting at step 2, to create a new user.

    Use the search bar to look up a user.

    Use the pen icon next to a user to edit it.

    Permission

    From the dropdown, select an option:

    • Create Secret: Ability to see and use the target to create secrets.

    • Owner: The highest possible permission level with the ability to create secrets using the target and to edit and delete the target.

    Every target must have at least one owner.

  3. Click OK.

    From the list, select a user permission entry and then select Edit to edit it.

    From the list, select user permission entries and then select Delete to delete them.

Group Permission

  1. When creating a secret target, select Create in Group Permission.

    The New Group Permission window opens.

  2. Enter the following information:

    Groups

    Select + and from the list, select user groups in the Select Entries window.

    To add a new user group:
    1. From the Select Entries window, select Create.

      The Create New User Group window opens.

    2. Follow the steps in Creating user groups, starting at step 3.

    Use the search bar to look up a user group.

    Use the pen icon next to a user group to edit it.

    Permission

    From the dropdown, select an option:

    • Create Secret: Ability to see and use the target to create secrets.

    • Owner: The highest possible permission level with the ability to create secrets using the target and to edit and delete the target.

    Every target must have at least one owner.

  3. Click OK.

    From the list, select a user group permission entry and then select Edit to edit it.

    From the list, select user group permission entries and then select Delete to delete them.
