Administration Guide

Grouping remote authentication queries and certificates for administrators

When you use LDAP or RADIUS queries, or certificates, to authenticate FortiWeb administrators, you must group the queries or certificates for those administrator accounts into a single set so that the set can be selected when you configure an administrator account.

To configure an administrator remote authentication query group
  1. Before you can add administrators to a group, you must first define an LDAP/RADIUS/TACACS+ query or a PKI user whose result set includes those administrator accounts. For details, see Configuring an LDAP server, Configuring a RADIUS server, Grouping remote authentication queries and certificates for administrators, and To create a PKI user.
  2. Go to User > User Group > Admin Group.
    To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Auth Users category. For details, see Permissions.
  3. Click Create New.
  4. In Name, type a name that can be referenced by other parts of the configuration, such as admin-remote-auth1. Do not use special characters. The maximum length is 63 characters.
  5. Click OK.
    The Create New button for this item, below its name, will no longer be greyed out, indicating that it has become available.
  6. Click Create New.
  7. For User Type, select the LDAP User, RADIUS User, PKI User, or TACACS+ query type.
  8. From Name, select the name of an existing LDAP/RADIUS/TACACS+ query or PKI user. The contents of the drop-down list vary by your previous selection in User Type.
  9. Click OK.
  10. Repeat the previous steps for each query that you want to use when an account using this query group attempts to authenticate.
  11. To apply the set of queries, select the group name for Admin User Group when you configure an administrator account. For details, see Administrators.
