Document
Library

Administration Guide

What's new in FortiPAM
- FortiPAM 1.2.0
Introduction
- FortiPAM concepts
- Organization of the guide
- Using the GUI
  - Banner
  - Tables
- Modes of operation
- FortiPAM deployment options
- Feature availability
FortiPAM installation
- Installing FortiClient with the FortiPAM feature
- FortiPAM appliance setup
- FortiPAM with TPM
- Connecting to target remote systems
Licensing
- License expiry and renewal
- Renewing FortiPAM-VM license
Dashboard
- Adding a custom dashboard
- System information widget
- Licenses widget
  - FortiGuard Distribution Network
- VM license
Secrets
- Secret list
- Target list
  - Creating a target
  - Web proxy
- Personal/public folder
  - Creating a folder
- My requests list
  - Make a request
- Approval list
  - Approve a request
  - Reviewing multiple requests
- Job list
  - Creating a job
Secret settings
- Classification tags
  - Creating a classification tag
- Templates
  - Creating secret templates
- Launchers
  - Creating a launcher
    - Example secret configurations with launchers example
- Policies
  - Creating a policy
    - Applying a policy to a folder
- Addresses
  - Creating an address
  - Creating an address group
- Approval flow
  - Approval profile
    - Enabling approval profiles for a secret
    - Create an approval profile
- Password changers
  - Creating a password changer
    - Automatic password changing
    - Automatic password verification
- Password policies
  - Creating a password policy
    - Applying a password policy to a secret template
- Character sets
  - Creating a character set
- AntiVirus
  - Creating an antivirus profile
    - Enabling antivirus scan in a secret
- Data loss prevention (DLP) protection for secrets
  - Supported file types
- DLP file pattern
- SSH filter profiles
  - Creating an SSH filter
    - Adding SSH filter to secret
    - Example SSH filter profiles example
- Event filter profile
  - Creating an event filter profile
- Integrity check
  - Creating a client software entry for integrity check
User management
- User list
  - Creating a user
- User groups
- Sponsored groups
- Role
  - Access control options
  - Log permissions
- LDAP servers
- SAML Single Sign-On (SSO)
- RADIUS servers
- Schedule
- FortiTokens
Monitoring
- User monitor
- Active sessions
  - Over-the-shoulder monitoring (Live recording)
Log & report
- Secret
- Events
- ZTNA
- SSH
- Antivirus
- Date leak prevention
- Reports
  - General
    - Reports
    - Layout & schedule
  - Secret audit
- Log settings
- Email alert settings
  - Email alert when the glass breaking mode is activated example
- Debug settings
- Automation trigger settings
Network
- Interfaces
  - Creating an interface
  - Creating a zone
- Static routes
  - Creating an IPv4 static route
- DNS settings
- Security fabric
  - Fabric Connectors
    - FortiAnalyzer logging
- Packet capture
  - Creating a packet capture filter
System
- Settings
  - Testing the email service connection example
- ZTNA
- High availability
- Certificates
- SNMP
- Backup
  - Sending backup file to a server Example
- Firmware
- FortiPAM license
  - Stackable seat license for hardware models
- FortiGuard license
- Disclaimers via the CLI
Troubleshooting
- Troubleshoot using trace files
  - Example troubleshooting example
- FortiPAM HTTP filter
Appendix A: Installation on KVM
Appendix B: Installation on VMware
Appendix C: Installing vTPM package on KVM and adding vTPM to FortiPAM-VM
Appendix D: vTPM for FortiPAM on VMware
Appendix E: Enabling soft RAID on KVM or VMware
Appendix F: Installation on Hyper-V
Appendix G: Installation on Azure
Appendix H: FortiPAM hardware RAID CLI commands
Appendix I: Default launchers parameters
Appendix J: Installation on AWS
Appendix K: Installation on GCP
Appendix L: WinRM configuration for Windows server
Appendix M: FortiPAM browser extension and standalone FortiClient air-gapped installation
Appendix N: Performance test results
Change Log

Home FortiPAM 1.2.0 Administration Guide

1.2.0

Integrity check

Integrity check

For every launcher, you can configure a client software entry in the Integrity Check tab in Secret Settings to enable integrity checks.

Client software integrity check requires FortiPAM 1.1 and FortiClient 7.2.2.

When the integrity check fails, the launching stops and a prompt appears showing where to download a version of the client software based on your FortiPAM configurations.

Using integrity check prevents launching of corrupt executables.

The following two types of integrity checks are available:

Executable hash: Comparing the executable hash with the provided value.
Certificate: Checking the certificate of a file.

An integrity check is considered passed when at least one version of the client software package is matched.

For each integrity check; name, number of pages, and references are displayed.

The Integrity Check tab contains the following options:

Create	Select to create a client software entry for integrity check. See Creating a client software entry for integrity check.
Edit	Select to edit the selected client software entry.
Delete	Select to delete the selected client software entries.
Search	Enter a search term in the search field, then hit `Enter` to search the client software entry list. To narrow down your search, see Column filter.

Previous

Next

Integrity check

For every launcher, you can configure a client software entry in the Integrity Check tab in Secret Settings to enable integrity checks.

Client software integrity check requires FortiPAM 1.1 and FortiClient 7.2.2.

When the integrity check fails, the launching stops and a prompt appears showing where to download a version of the client software based on your FortiPAM configurations.

Using integrity check prevents launching of corrupt executables.

The following two types of integrity checks are available:

Executable hash: Comparing the executable hash with the provided value.
Certificate: Checking the certificate of a file.

An integrity check is considered passed when at least one version of the client software package is matched.

For each integrity check; name, number of pages, and references are displayed.

The Integrity Check tab contains the following options:

Create	Select to create a client software entry for integrity check. See Creating a client software entry for integrity check.
Edit	Select to edit the selected client software entry.
Delete	Select to delete the selected client software entries.
Search	Enter a search term in the search field, then hit `Enter` to search the client software entry list. To narrow down your search, see Column filter.

Previous

Next