Configuring system settings : Configuring administrator accounts and access profiles : Configuring administrator accounts
Configuring administrator accounts
The Administrator tab displays a list of the FortiMail unit’s administrator accounts and the trusted host IP addresses administrators use to log in (if configured).
By default, FortiMail units have a single administrator account, admin. For more granular control over administrative access, you can create additional administrator accounts that are restricted to a specific protected domain and with restricted permissions. For more information, see “About administrator account permissions and domains”.
Depending on the permission and assigned domain of your account, this list may not display all administrator accounts. For more information, see “About administrator account permissions and domains”.
 
If you configured a system quarantine administrator account, this account does not appear in the list of standard FortiMail administrator accounts. For more information on the system quarantine administrator account, see “Configuring the system quarantine settings”.
To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Others category.
For details, see “About administrator account permissions and domains”.
To configure administrator accounts
1. Go to System > Administrator > Administrator.
2. Either click New to add an account or double-click an account to modify it.
A dialog appears.
3. Configure the following and then click Create:
 
GUI item
Description
Enable
Select it to enable the new account. If disabled, the account will not be able to access FortiMail.
Administrator
Enter the name for this administrator account.
The name can contain numbers (0‑9), uppercase and lowercase letters (A‑Z, a‑z), hyphens ( - ), and underscores ( _ ). Other special characters and spaces are not allowed.
Domain
Select System for the entire FortiMail unit or the name of a protected domain, such as example.com, to which this administrator account will be assigned.
For more information on protected domain assignments, see “About administrator account permissions and domains”.
Note: If Domain is a protected domain, the administrator cannot use the CLI, or the basic mode of the web UI.
Access profile
Select the name of an access profile that determines which functional areas the administrator account may view or affect.
Click New to create a new profile or Edit to modify the selected profile. For details, see “Configuring access profiles”.
Authentication type
Select the local or remote type of authentication that the administrator will use:
Local
RADIUS
PKI
LDAP
Note: RADIUS, LDAP and PKI authentication require that you first configure a RADIUS authentication profile, LDAP authentication profile, or PKI user. For more information, see “Configuring authentication profiles” and “Configuring PKI authentication”.
Password
If you select Local as the authentication type, enter a secure password for this administrator account.
The password can contain any character except spaces.
This field does not appear if Authentication type is not Local or RADIUS+Local.
Confirm password
Enter this account’s password again to confirm it.
This field does not appear if Authentication type is not Local or RADIUS+Local.
LDAP profile
If you choose to use LDAP authentication, select an LDAP profile you want to use.
RADIUS profile
If you choose to use RADIUS or RADIUS + Local authentication, select a RADIUS profile you want to use.
PKI profile
If you choose to use PKI authentication, select a PKI profile you want to use.
Trusted hosts
Enter an IPv4 or IPv6 address or subnet from which this administrator can log in. You can add up to 10 trusted hosts.
If you want the administrator to access the FortiMail unit from any IP address, use 0.0.0.0/0.0.0.0.
Enter the IP address and netmask in dotted decimal format. For example, you might permit the administrator to log in to the FortiMail unit from your private network by typing 192.168.1.0/255.255.255.0.
Note: For additional security, restrict all trusted host entries to administrative hosts on your trusted private network.
Note: For information on restricting administrative access protocols that can be used by these hosts, see “Editing network interfaces”.
Language
Select this administrator account’s preference for the display language of the web UI.
Theme
Select this administrator account’s preference for the display theme or click Use Current to choose the theme currently in effect.
The administrator may switch the theme at any time during a session by clicking Next Theme.