Migration from FortiSRA to FortiPAM

In version 1.8.0, FortiSRA is merged into FortiPAM.

Starting with FortiPAM 1.8.0:

  1. The previous FortiSRA default administrator will have the full Super Administrator role, including the ability to launch secrets.
  2. With SKU-591, an extra seat is added for free.

    For example, when the purchased license seat quantity is 20, then 21 users can be enabled.

    For HA, if a node has 10 licensed seats and the other has 5 users, the primary node can have 16 users enabled.

Upgrade path for FortiSRA:
  1. Upgrade FortiSRA from 1.6.x to 1.7.2 using the FortiSRA image.
  2. Upgrade FortiSRA from 1.7.2 to FortiPAM 1.8.0 using the FortiPAM 1.8.0 image.

After migration from FortiSRA to FortiPAM, the original FortiSRA administrator becomes a regular administrator on FortiPAM with the ability to create/edit/launch secrets.

This is a free administrator account.

After migration from FortiSRA to FortiPAM, native launchers are automatically created and added to the default templates.

If you do not want to display the native launchers, remove them from the following default templates:

  • Unix Account (SSH Password), VNC Server, FortiGate/FortiOS (SSH Key), FortiGate/FortiOS (Web), Machine, Windows Domain Account, etc.

After migration from FortiSRA to FortiPAM, the GUI can report the "Configuration can contain errors" warning.

Run:

    diag debug config-error-log read

Output:

    "end" @ global.system.replacemsg.auth.auth-sra-login-page:failed command (error -56)
    "end" @ global.system.replacemsg.auth.auth-sra-token-page:failed command (error -56)
    "end" @ global.system.replacemsg.auth.auth-sra-passchg-page:failed command (error -56)

The above output is harmless to your system.

Run the following command to clear the output:

    diag debug config-error-log clear
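
Before clearing the log, it is worth confirming that it holds only the three entries listed above, so that an unrelated configuration error is not discarded with them. The following Python check is an added example, not Fortinet code; it assumes the output of the read command was saved as text, and the extra sample line (path, command and error code) is constructed.

```python
import re

# The three entries this page reports as harmless after migration.
EXPECTED_PATHS = {
    "global.system.replacemsg.auth.auth-sra-login-page",
    "global.system.replacemsg.auth.auth-sra-token-page",
    "global.system.replacemsg.auth.auth-sra-passchg-page",
}

# Line shape as printed on this page: "<cmd>" @ <path>:failed command (error <n>)
LINE_RE = re.compile(
    r'^\s*"(?P<cmd>[^"]*)"\s+@\s+(?P<path>\S+?):failed command \(error (?P<code>-?\d+)\)\s*$'
)

def triage(log_text):
    """Split saved config-error-log output into expected, unexpected and unparsed."""
    expected, unexpected, unparsed = [], [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if m is None:
            unparsed.append(raw.strip())  # unknown format: review by hand
        elif m["path"] in EXPECTED_PATHS and m["cmd"] == "end" and m["code"] == "-56":
            expected.append(m["path"])
        else:
            unexpected.append((m["path"], m["cmd"], int(m["code"])))
    return expected, unexpected, unparsed

def safe_to_clear(log_text):
    """True only when every non-blank line is one of the three documented entries."""
    _, unexpected, unparsed = triage(log_text)
    return not unexpected and not unparsed

# Output copied from this page.
PAGE_OUTPUT = '''"end" @ global.system.replacemsg.auth.auth-sra-login-page:failed command (error -56)
 "end" @ global.system.replacemsg.auth.auth-sra-token-page:failed command (error -56)
 "end" @ global.system.replacemsg.auth.auth-sra-passchg-page:failed command (error -56)
'''
# Constructed line: hypothetical path, command and error code, for illustration only.
CONSTRUCTED_EXTRA = '"set status enable" @ global.system.constructed-example:failed command (error -61)\n'

if __name__ == "__main__":
    print("page output safe to clear:", safe_to_clear(PAGE_OUTPUT))
    print("needs review:", triage(PAGE_OUTPUT + CONSTRUCTED_EXTRA)[1])
```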

After you migrate from FortiSRA to FortiPAM, you can no longer downgrade back to FortiSRA.

Ensure that you create a snapshot of your FortiSRA before the migration to FortiPAM.

If the FortiSRA license has expired, the FortiSRA license may not be available.

If using a new FortiPAM license to replace an expired FortiSRA license, the following must be performed:

  • Fabric connectors (EMS, FortiAnalyzer): Reconfigure EMS and FortiAnalyzer to accept the FortiPAM connection request.
  • Users with local mobile 2FA: Disable/re-enable 2FA.
  • Users with FortiToken Cloud 2FA: Disable/re-enable 2FA.
