The self-service portal provides options for configuring general self-service portal options, access control settings, self-registration options, replacement messages, and device self-enrollment settings.
To configure general self-service portal settings, go to Authentication > Self-service Portal > General.
The following settings can be adjusted:
To configure self-service portal access settings, go to Authentication > Self-service Portal > Access Control.
The following settings can be adjusted:
Username input format | Select the input format for the username, one of: username@realm, realm\username, realm/username. The realm name is optional when authentication against the default realm. |
Realms | Add realms to which the user will be associated. See Realms.
|
When self-registration is enabled, users can request registration through the FortiAuthenticator login page. Self-registration can be configured so that a user request is emails to the device administrator for approval.
When the account is ready for use, the user receives an email or SMS message with their account information.
Require administrator approval | Select to require that an administrator approves the user. | |
Enable e-mail to freeform addresses | Select to send self-registration requests to the email addresses entered in the Administrator e-mail addresses field. | |
Enable e-mail to administrator accounts | Select to send self-registration requests to specific administrators. Select the required administrators from the Available administrators box and move them to the Chosen administrators box. | |
Account expires after | Select to specify how long until self-generated accounts will be deleted after they are generated. | |
Use mobile number as username | If enabled, after a successful registration, the user’s password will be sent to them via SMS to confirm their identity. | |
Place registered users into a group | Select a group into which self-registered users will be placed from the drop-down list. | |
Password creation | Select how a password is created, either User-defined or Randomly generated. | |
Send account information via | Choose how to send account information to the user, either SMS, E-mail, or Display on browser page. The Display on browser page option is only available if administrator approval is not required. |
|
SMS gateway | Select an SMS gateway from the drop-down list. See SMS gateways for more information. | |
Required Field Configuration | Select the fields that the user is required to populate when self-registering. Options include: First name, Last name, E-mail, address, Address, City, State/Province, Country, Phone number, Mobile number, Custom field 1, Custom field 2, and Custom field 3. For information about custom fields, see Custom user fields. |
Approval is required only if Require administrator approval is enabled in the self-registration settings.
If the request is approved, the FortiAuthenticator unit sends the user an email or SMS message stating that the account has been activated.
A user can request registration, or self-register, from the FortiAuthenticator login screen.
Security policies must be in place on the FortiGate unit to allow these sessions to be established.
If administrator approval is not required and Display on browser page is enabled, the account details are immediately displayed to the user.
The replacement messages list enables you to view and customize replacement messages, and manage images.
Go to Authentication > Self-service Portal > Replacement Messages to view the replacement message list.
The replacement messages are split into five categories: Account, Authentication, Device Certificate Enrollment, Password Reset, and User Registration.
Selecting a specific message will display the text and HTML or plain text of the message in the lower half of the content pane.
Selecting Show Tag List will display a table of the tags used for that message atop the message’s HTML or plain text box.
Images can be managed by selecting Manage Images in the Replacement Messages window. Images can also be added, deleted, and edited.
The maximum image size is 65kB.
In the manage images screen, select an image, then select Edit.
Device certificate self-enrollment is a method for users to obtain certificates for their devices. It can be used to enable EAP-TLS for BYOD configurations, or for VPN authentication. For more information, see Device self-enrollment.