System Settings : Admin : Administrator
 
Administrator
Go to System Settings > Admin > Administrator to view the list of administrators and configure administrator accounts. Only the default admin administrator account can see the complete administrators list. If you do not have certain viewing privileges, you will not see the administrator list.
Figure 66: Administrator list
The following information is available:
Delete
Select the check box next to the administrator you want to remove from the list and select Delete.
Create New
Select to create a new administrator. For more information, see “To create a new administrator account:”.
User Name
The name this administrator uses to log in. Select the administrator name to edit the administrator settings.
Type
The type of administrator account, one of: LOCAL, RADIUS, LDAP, TACACS+, or PKI.
Profile
The administrator profile for this user that determines the privileges of this administrator. The profile can be one of: Restricted_User, Standard_User, Super_User, or a custom defined profile. For information on administrator profiles, see “Profile”.
Admin Domain
The ADOMs to which the user has access. ADOM access can be to all ADOMs or specific ADOMs which are assigned to the profile.
Status
Indicates whether the administrator is currently logged into the FortiAnalyzer unit not. A green circle with an up arrow indicates that the administrator is logged in, a red circle with a down arrow indicates that they are not.
Comments
Descriptive text about the administrator account.
To create a new administrator account:
1. Go to System Settings > Admin > Administrator and select Create New.
The New Administrator dialog box appears.
Figure 67: New administrator dialog box
2. Configure the following settings:
User Name
Enter the name that this administrator uses to log in.
Type
Select the type of authentication the administrator will use when logging into the FortiAnalyzer unit. Select one of: LOCAL, RADIUS, LDAP, TACACS+, or PKI. If you select LOCAL, you will need to add a password.
Subject
If Type is set to PKI, enter a description.
CA
If Type is set to PKI, select a certificate in the drop-down list.
Require two-factor authentication
If Type is set to PKI, you can select the checkbox to enforce two-factor authentication. Enter a password and confirm.
New Password
Enter the password.
Confirm Password
Enter the password again to confirm it.
Server
Select the RADIUS, LDAP, or TACACS+ server, as appropriate. This option is only available if Type is not LOCAL or PKI.
wildcard
Select this option to set the password as a wildcard. This option is only available if Type is not LOCAL or PKI.
Trusted Host1
Trusted Host2
Trusted Host3
...
Optionally, enter the trusted host IP address and network mask from which the administrator can log in to the FortiAnalyzer unit. You can specify up to ten trusted hosts in the Web-based Manager or in the CLI.
Setting trusted hosts for all of your administrators can enhance the security of your system. For more information, see “Using trusted hosts”.
Trusted IPv6 Host1
Trusted IPv6 Host2
Trusted IPv6 Host3
...
Optionally, enter the trusted host IPv6 address from which the administrator can log in to the FortiAnalyzer unit. You can specify up to three trusted IPv6 hosts in the Web-based Manager. You can configure up to ten trusted hosts in the CLI.
Setting trusted IPv6 hosts for all of your administrators can enhance the security of your system. For more information, see “Using trusted hosts”.
Profile
Select a profile from the list. The profile selected determines the administrator’s access to the FortiAnalyzer unit’s features.
To create a new profile see “Configuring administrator profiles”.
Admin Domain
Choose the ADOM this admin will belong to. This field is available only if ADOMs are enabled (see “Administrative Domains”). Select either All ADOMs or Specify. When selecting Specify, select the plus (+) icon to the left of the field to select one or multiple ADOMs.
The Super_User profile defaults to All ADOMs access.
Description
Optionally, enter a description of this administrator’s role, location or reason for their account. This field adds an easy reference for the administrator account.
3. Select OK to create the new administrator account.
To modify an existing administrator account:
1. Go to System Settings > Admin > Administrator. The list of configured administrators appears; see Figure 66.
2. In the User Name column, click on the user name of the administrator you want to change.
The Edit Administrator window appears.
Figure 68: Edit administrator page
3. Modify the settings as required. For more information about configuring account settings, see “To create a new administrator account:”.
4. Select OK to save your changes.
To delete an existing administrator account:
 
The default admin administrator account cannot be deleted.
1. Go to System Settings > Admin > Administrator. The list of configured administrators appears; see Figure 66.
2. Select the check box of the administrator account you want to delete and then select the Delete icon in the toolbar.
3. Select OK in the confirmation dialog box to delete the administrator account.