Creating email accounts on FortiMail for PKI users
An email account must exist on the FortiMail unit for each PKI user. End-users cannot be authenticated using PKI if their email accounts do not exist on FortiMail, even if they have the required client certificate installed in their browsers.
The FortiMail operation mode determines whether end-user email accounts are created automatically by FortiMail (transparent and gateway modes) or whether they need to be created manually on FortiMail (server mode).
If the FortiMail unit is operating in server mode, see “Configuring local user accounts (server mode only)” to manually create end-user email accounts.
If the FortiMail unit is operating in gateway or transparent mode, the FortiMail unit can be configured to store quarantined (spam) email. In this configuration, email accounts are created automatically on the FortiMail unit when it receives quarantined email. The quarantined email is stored in a bulk folder on the FortiMail unit. The email user can review, delete or release their quarantined email. For more information, see “Managing the quarantines”.
Once the email accounts are created on FortiMail, proceed to “Configuring PKI authentication”.
A PKI user can be an individual email user, all email users associated with a specific domain, or a FortiMail administrator.
Caution:
If PKI authentication is used for both email users and FortiMail administrators, ensure that unique PKI users are created for the administrator accounts, and that those PKI users are associated with the appropriate administrator accounts. For more information, see “Configuring PKI access for administrators”.
Failure to create unique PKI users for administrators could allow email users to access administrator functions.
Once the PKI user is created on FortiMail, proceed to “Configuring policy for PKI access to webmail (server mode)”.