Configuring users in server mode

You can create users one at a time or import a list of users. Before importing a user list or adding an email user, you must first configure one or more protected domains to which the email users will belong. For more information, see “Configuring protected domains”.

2. From Domain, select the name of the protected domain to which you want to add an email user. You can also set the domain on the user dialog.

3. Either click New to add an email user or double-click an email user to modify it.

4. In User name, enter the name of the account in the selected domain whose email will be locally deliverable on the FortiMail unit.

For example, an email user may have numerous aliases, mail routing, and other email addresses on other systems in your network, such as accounting@example.com. However, the user name you enter in the New User dialog reflects the email user’s account that they will use to log in to this FortiMail unit at the selected domain; such as, jsmith if the email address is jsmith@example.com.

5. You can change the user’s domain if it necessary. In the drop-down menu to the right of the @ symbol, select the name of the protected domain to which the email user belongs.

• select LDAP and select the name of an existing LDAP profile in the dropdown list

• select RADIUS and select the name of an existing RADIUS profile in the dropdown list.

If no profile exists, click New to create one.

If a profile exists but needs modification, select it and click Edit.


	The LDAP option requires that you first create an LDAP profile in which you have enabled and configured in “Configuring user authentication options”.

7. In Display Name, enter the name of the user as it should appear in the From: field in the message header.

For example, an email user whose email address is user1@example.com may prefer that their Display Name be "J Zang".

For a new user, the FortiMail unit creates the account. Authentication is not yet enabled and a policy may not exist that allows the account to send and receive email.

Complete the next two steps as applicable.

9. To enable the user account, create a recipient-based policy that both matches its email address and uses a resource profile in which <GUIElement>User account status is enabled. For details, see “Workflow to enable and configure authentication of email users” and “Configuring resource profiles (server mode only)”.

10. To allow the user account to send and receive email, configure an access control rule and either an IP-based policy or an incoming recipient-based policy. For details, see “Configuring policies”.