System Settings : Admin : Administrator
 
Administrator
Go to System Settings > Admin > Administrator to view the list of administrators and configure administrator accounts. Only the default admin administrator account can see the complete administrators list. If you do not have certain viewing privileges, you will not see the administrator list.
Figure 49: Administrator list
The following information is available:
Delete
Select the check box next to the administrator you want to remove from the list and select Delete.
Create New
Select to create a new administrator. For more information, see “To create a new administrator account:”.
User Name
The name this administrator uses to log in. Select the administrator name to edit the administrator settings.
Profile
The administrator profile for this user that determines the privileges of this administrator. For information on administrator profiles, see “Profile”.
ADOM
The ADOM to which the administrator has been assigned.
Policy Package
The policy packages to which this profile allows access.
Status
Indicates whether the administrator is currently logged into the FortiManager unit not. A green circle with an up arrow indicates the administrator is logged in, a red circle with a down arrow indicates the administrator is not logged in.
Comments
Descriptive text about the administrator account.
To create a new administrator account:
1. Go to System Settings > Admin > Administrator and select Create New. The New Administrator dialog box opens.
Figure 50: Creating a new administrator account
2. Configure the following settings:
User Name
Enter the name that this administrator uses to log in. This field is available if you are creating a new administrator account.
Type
Select the type of authentication the administrator will use when logging into the FortiManager unit. If you select LOCAL, you will need to add a password. Otherwise, depending on the type of authentication server selected, you will select the authentication server from a drop-down list.
Select one of the following types: LOCAL, RADIUS, LDAP, TACACS+, or PKI.
RADIUS Server
Select the RADIUS server from the drop-down menu.
Note: This field is available when the type is RADIUS.
LDAP Server
Select the LDAP server from the drop-down menu.
Note: This field is available when the type is LDAP.
TACACS+ Server
Select the TACACS+ server from the drop-down menu.
Note: This field is available when the type is TACACS+.
Wildcard
Select to enable wildcard.
Note: This field is available when the type is RADIUS, LDAP, or TACACS+.
Subject
Enter a comment in the subject field for the PKI administrator.
Note: This field is available when the type is PKI.
CA
Select the CA from the drop-down menu.
Note: This field is available when the type is PKI.
Require two-factor authentication
Select to enable two-factor authentication.
Note: This field is available when the type is PKI.
New Password
Enter the password.
Note: This field is available if Type is LOCAL, RADIUS, LDAP, TACACS+, or PKI.
Confirm Password
Enter the password again to confirm it.
Note: This field is available if Type is LOCAL, RADIUS, LDAP, TACACS+, or PKI.
Trusted Host1
Trusted Host2
Trusted Host3
...
TrustedHost10
Optionally, enter the trusted host IP address and netmask from which the administrator can log in to the FortiManager unit. You can specify up to three trusted hosts.
Setting trusted hosts for all of your administrators can enhance the security of your system. For more information, see “Using trusted hosts”.
Trusted IPv6 Host1
Trusted IPv6 Host2
Trusted IPv6 Host3
...
TrustedIPv6 Host10
Optionally, enter the trusted host IPv6 address from which the administrator can log in to the FortiManager unit. You can specify up to three trusted IPv6 hosts.
Setting trusted IPv6 hosts for all of your administrators can enhance the security of your system. For more information, see “Using trusted hosts”.
Profile
Select a profile from the drop-down menu. The profile selected determines the administrator’s access to the FortiManager unit’s features.
To create a new profile see “Configuring administrator profiles”.
Admin Domain
Choose the ADOMs this administrator will be able to access, or select All ADOMs.
Note: This field is available only if ADOMs are enabled.
Policy Package Access
Choose the policy packages this administrator will have access to, or select All Package.
Description
Optionally, enter a description of this administrator’s role, location or reason for their account. This field adds an easy reference for the administrator account.
User Information (optional)
Contact Email
Enter a contact email address for the new administrator.
Contact Phone
Enter a contact phone number for the new administrator.
3. Select OK to create the new administrator account.
To modify an existing administrator account:
1. Go to System Settings > Admin> Administrator.
2. In the User Name column, double-click on the user name of the administrator you want to change. The Edit Administrator window appears.
3. Modify the settings as required. For more information about configuring account settings, see “To create a new administrator account:”.
4. Select OK to save your changes.
To delete an existing administrator account:
1. Go to System Settings > Admin > Administrator. The list of configured administrators appears; see Figure 49.
2. Select the check box of the administrator account you want to delete and then select the Delete icon in the toolbar.
3. In the dialog box that appears, select OK to confirm the deletion.