You can use wildcard admin authentication to add the RADIUS and LDAP accounts of a group to FortiSandbox all at once instead of adding each account individually.
This example uses FortiAuthenticator as the RADIUS server.
- On FortiAuthenticator, create the users.
- If required, create user groups and assign users to the groups.
- To specify which devices the users have access to, you can define the group's Attribute ID as Fortinet-Group-Name, and enter a device group name as listed in FortiSandbox as the Value. This allows users in this group to view jobs only from the devices in that device group.
- If the Attribute ID is not defined, when users log in to FortiSandbox, device visibility follows the device group assigned to the RADIUS_WILDCARD administrator, if one exists.
- Create a new RADIUS service client.
- Set the client address as the FortiSandbox IP address.
- Enter the secret key in the Secret field.
- Configure profiles and add the user groups whose users will log into the FortiSandbox.
- On FortiSandbox, set up the RADIUS server in System > RADIUS Servers.
See RADIUS Servers.
- Create a new administrator in System > Administrators.
- Select RADIUS WILDCARD as the type.
- Select the RADIUS Server created in the previous step.
- The administrator name is RADIUS_WILDCARD and it cannot be changed. The administrator can be a device user; however, the assigned device group is overridden if the RADIUS user group defines the Attribute ID as Fortinet-Group-Name.
- On the FortiSandbox, set up the LDAP server in System > LDAP Server.
See LDAP Servers.
In this example, all users from OU=HQ under the LDAP tree dc=example, dc=org will be able to log in to FortiSandbox.
- Create a new administrator in the System > Administrators page.
- Select LDAP WILDCARD as the Type.
- Select the LDAP server from the previous step.
The administrator name is LDAP_WILDCARD and it cannot be changed.
- Click OK.
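In the RADIUS steps above, device visibility depends on whether the server's Access-Accept carries Fortinet-Group-Name. The following added example (not part of the original documentation or Fortinet's code) parses an Access-Accept and reports which rule applies. The vendor ID 12356 and sub-attribute type 1 come from Fortinet's RADIUS dictionary rather than this page, and the group names and sample packet are constructed.

```python
import struct

# Numeric values below are not on the page; they are Fortinet's IANA enterprise
# number and the Fortinet-Group-Name type from Fortinet's RADIUS dictionary.
FORTINET_VENDOR_ID = 12356
FORTINET_GROUP_NAME = 1
VENDOR_SPECIFIC = 26   # RFC 2865 Vendor-Specific attribute
ACCESS_ACCEPT = 2      # RFC 2865 packet code

def fortinet_group_names(packet):
    """Return every Fortinet-Group-Name value in a RADIUS Access-Accept."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Accept")
    groups, pos = [], 20                     # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("truncated attribute")
        attr_type, value = packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
        if attr_type != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != FORTINET_VENDOR_ID:
            continue
        sub = value[4:]                      # vendor sub-attributes: type, length, data
        while len(sub) >= 2:
            if sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("truncated vendor sub-attribute")
            if sub[0] == FORTINET_GROUP_NAME:
                groups.append(sub[2:sub[1]].decode("utf-8"))
            sub = sub[sub[1]:]
    return groups

def device_visibility(packet, wildcard_admin_group=None):
    """Which setting decides device visibility, per the rules described above."""
    groups = fortinet_group_names(packet)
    if groups:
        return ("Fortinet-Group-Name", groups)
    return ("RADIUS_WILDCARD", [wildcard_admin_group] if wildcard_admin_group else [])

def build_access_accept(group=None):
    """Constructed sample packet (zeroed authenticator), not a real capture."""
    attrs = bytes([18, 4]) + b"ok"           # Reply-Message, to show other attributes are skipped
    if group is not None:
        name = group.encode("utf-8")
        vsa = struct.pack("!I", FORTINET_VENDOR_ID) + bytes([FORTINET_GROUP_NAME, len(name) + 2]) + name
        attrs += bytes([VENDOR_SPECIFIC, len(vsa) + 2]) + vsa
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(device_visibility(build_access_accept("HQ-Devices"), "Default-Devices"))
    print(device_visibility(build_access_accept(), "Default-Devices"))
```

Running the parser against a captured Access-Accept for a test account confirms whether a user will be scoped by their own group or will inherit the RADIUS_WILDCARD administrator's device group.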