Creating a target
To create a secret target:
- Go to Secrets > Target List.
- Select +Create.
The New Secret Target window opens to the General tab.
- Select Permission from the top to switch to the Permission tab.
- Enter the following information:
General
Name
Name of the target.
Classification Tag
From the dropdown, select a classification tag.
Default Template
From the dropdown, select a secret template.
The secret template must include a Target-Address, Domain, or URL field to be included in the dropdown list.
If the Default Template is changed after the target has been assigned to a secret, the Template will not change in the secret. The related secret(s) must be updated, as needed.
See Creating a secret.
Target-Address
The target address.
This option is only available when the Target-Address field type is included in the selected Default Template. If the field is mandatory, it must be included when configuring the target.
Domain
The domain for the server.
This option is only available when the Domain field type is included in the selected Default Template. If the field is mandatory, it must be included when configuring the target.
Common Name The user ID in the LDAP server. The default is sAMAccountName.
This option is only available after entering a Domain.
DN Search Base The distinguished name search base in the LDAP server. The default is "CN=users, DC=A, DC=B, DC=C" for A.B.C domain.
This option is only available after entering a Domain.
LDAPS Minimum SSL Version From the dropdown, select the minimum SSL version. The default is Follow system global setting.
This option is only available after entering a Domain.
LDAPS Port The server port. The default is 636.
This option is only available after entering a Domain.
WinRM HTTPS Enable or disable Windows Remote Management (WinRM) over HTTPS.
URL
The URL for the target.
This option is only available when the URL field type is included in the selected Default Template. If the field is mandatory, it must be included when configuring the target.
Description
A description for the target.
Advanced Web Setting
These settings are only available in the General tab when the URL option is populated.
The following shows a configured Advanced Web Setting pane.
Web Proxy
Enable or disable a web proxy for the target.
When accessing a target using the FortiPAM browser extension, the browser extension sends the browser requests through the FortiPAM web proxy. FortiPAM dynamically operates on the web browser tab's PAC rule (on Google Chrome and Microsoft Edge) to successfully proxy the traffic to FortiPAM based on the configured domain. On Mozilla Firefox, FortiPAM sends the request to the web proxy instead.
FortiPAM scans the incoming web traffic and can replace the password.
Using web proxy, you do not require FortiClient to launch the proxied web account secret.
To enable the web proxy feature, you must first enable the feature globally for the interface that handles incoming and outgoing traffic using the following CLI commands:
config system interface
    edit "port1"
        set explicit-web-proxy enable #must be enabled
    next
end
Alternatively, you can enable the feature by enabling Explicit web proxy for the interface that handles incoming and outgoing traffic. See Creating an interface.
Notes:
The option is disabled by default.
The Web Proxy setting is inherited by the secret using the target. See Creating a secret.
For more information on the web proxy feature, see Web proxy.
Replace Web Credential Enable to replace the website authentication credential. Disable to keep the website credential. The default is disabled.
Authentication URL Enable and enter the website authentication URL.
Note: You can enter the authentication URL to prevent deep scanning of all the requests.
Domain List Enable to create a domain list.
Access Mode Select Direct or Proxy for the domain access mode.
IP Mask List Click + to add a domain to the list. Enter the IP mask.
Click x to delete a domain from the list.
FQDN List Click + to add a domain to the list. Enter the fully qualified domain name.
Click x to delete a domain from the list.
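The per-domain routing that a PAC rule performs, shown as an added example (this is not FortiPAM's generated rule or Fortinet code). It assumes that each Domain List entry carries its access mode, that the first matching entry wins, and that unlisted hosts go direct; the proxy address and all list entries are constructed placeholders.

```javascript
// Added illustration: PAC-style routing decision for a target's domain list.
// All values are constructed; PROXY_ADDR is a hypothetical placeholder.
const PROXY_ADDR = "PROXY fortipam.example:8080";

// Constructed domain list: FQDN entries and IP/mask entries with an access mode.
const domainList = [
  { type: "fqdn", value: "intranet.example.com", mode: "proxy" },
  { type: "fqdn", value: "cdn.example.com", mode: "direct" },
  { type: "ipmask", value: "10.20.0.0", mask: "255.255.0.0", mode: "proxy" },
];

// Convert a dotted-quad IPv4 string to an unsigned 32-bit integer; null if malformed.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n >>> 0;
}

// Match the host exactly or as a subdomain on a label boundary, so that
// "notintranet.example.com" does not match "intranet.example.com".
function fqdnMatches(host, fqdn) {
  host = host.toLowerCase().replace(/\.$/, "");
  fqdn = fqdn.toLowerCase();
  return host === fqdn || host.endsWith("." + fqdn);
}

// True when host is an IPv4 literal inside net/mask.
function ipMaskMatches(host, net, mask) {
  const h = ipv4ToInt(host), n = ipv4ToInt(net), m = ipv4ToInt(mask);
  if (h === null || n === null || m === null) return false;
  return ((h & m) >>> 0) === ((n & m) >>> 0);
}

// Same role as a PAC FindProxyForURL(url, host): first matching entry wins.
function findProxyForHost(host) {
  for (const e of domainList) {
    const hit = e.type === "fqdn"
      ? fqdnMatches(host, e.value)
      : ipMaskMatches(host, e.value, e.mask);
    if (hit) return e.mode === "proxy" ? PROXY_ADDR : "DIRECT";
  }
  return "DIRECT"; // unlisted hosts bypass the proxy (assumption)
}
```

When reviewing a target's domain list, the cases to check are lookalike hostnames and addresses just outside the mask, since those decide which traffic is scanned by the proxy and which is not.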
Permission
Access
Target accessible to:
Everyone: All users have Read/Write permission for templates (default).
Customized: A user permission and a group permission table must be configured.
User Permission The level of user access to the template. See User Permission.
The option is only available when Access is set to Customized.
For column settings, see Tables.
Group Permission The level of user group access to the template. See Group Permission.
The option is only available when Access is set to Customized.
For column settings, see Tables.
User Permission
- When creating a secret target, select Create in User Permission.
The New User Permission window opens.
- Enter the following information:
Users
Select + and from the list, select users in the Select Entries window.
To add a new user:
- From the Select Entries window, select Create and then select +User List.
The New User List wizard opens.
- Follow the steps in Creating a user, starting from step 2, to create a new user.
Use the search bar to look up a user.
Use the pen icon next to a user to edit it.
Permission
From the dropdown, select an option:
Create Secret: Ability to see and use the target to create secrets.
Owner: The highest possible permission level with the ability to create secrets using the target and to edit and delete the target.
Every target must have at least one owner.
- Click OK.
From the list, select a user permission entry and then select Edit to edit it.
From the list, select user permission entries and then select Delete to delete them.
Group Permission
- When creating a secret target, select Create in Group Permission.
The New Group Permission window opens.
- Enter the following information:
Groups
Select + and from the list, select user groups in the Select Entries window.
To add a new user group:
- From the Select Entries window, select Create.
The Create New User Group window opens.
- Follow the steps in Creating user groups, starting from step 3.
Use the search bar to look up a user group.
Use the pen icon next to a user group to edit it.
Permission
From the dropdown, select an option:
Create Secret: Ability to see and use the target to create secrets.
Owner: The highest possible permission level with the ability to create secrets using the target and to edit and delete the target.
Every target must have at least one owner.
- Click OK.
From the list, select a user group permission entry and then select Edit to edit it.
From the list, select user group permission entries and then select Delete to delete them.