Chapter 3 Authentication for FortiOS 5.0 : Users and user groups : Users : Local users
  
Local users
Local users are defined on the FortiGate unit in User & Device > User > User Definition.
User page
Lists the local user accounts that you have created. On this page, you can create, edit, or delete local user accounts.
Note: To require users to re-authenticate whenever their authentication time expires, use the hard-timeout value in the auth-type command. This is available only in the CLI.
Create New
Creates a new local user account. When you select Create New, you are automatically redirected to the New User page.
Edit
Modifies a user’s account settings. When you select Edit, you are automatically redirected to the Edit User page.
Delete
Removes a user from the list. Removing the user name removes the authentication configured for the user.
The Delete icon is not available if the user belongs to a user group.
To remove multiple local user accounts from within the list, on the User page, in each of the rows of user accounts you want removed, select the check box and then select Delete.
To remove all local user accounts from the list, on the User page, select the check box in the check box column and then select Delete.
User Name
The local user name. If the user is authenticated externally, the username on the FortiGate unit must be identical to the username on the authentication server.
Type
The authentication type to use for this user. The authentication types are Local (user and password stored on the Fortinet unit), LDAP, RADIUS, and TACACS+ (user and password match a user account stored on the authentication server).
Two-factor Authentication
Indicates whether two-factor authentication is configured for the user.
Gray “X” — not enabled
Green check mark — enabled
Ref.
Displays the number of times this object is referenced by other objects. Select the number to open the Object Usage window and view the list of referring objects. The list is grouped into expandable categories, such as Firewall Policy. Numbers of objects are shown in parentheses.
To view more information about the referring object, use the icons:
View the list page for these objects – available for object categories. Goes to the page where the object is listed. For example, if the category is User Groups, opens the User Groups list.
Edit this object – opens the object for editing.
View the details for this object – displays current settings for the object.
New User or Edit User page
Provides settings for a new or existing local user.
User Name
A name that identifies the user.
Disable
Select to prevent this user from authenticating.
Password
Select to authenticate this user using a password stored on the FortiGate unit. Enter the password. Best practice is to create a password at least six characters long.
Match users on LDAP servers
Select to authenticate this user using a password stored on an LDAP server. Select the LDAP server from the list.
You can select only an LDAP server that has been added to the Fortinet LDAP configuration. For more information, see “Configuring the FortiGate unit to use an LDAP server”.
Match users on RADIUS server
Select to authenticate this user using a password stored on a RADIUS server. Select the RADIUS server from the list.
You can select only a RADIUS server that has been added to the Fortinet RADIUS configuration. For more information, see “Configuring the FortiGate unit to use a RADIUS server”.
Match users on TACACS+ server
Select to authenticate this user using a password stored on a TACACS+ server. Select the TACACS+ server from the list.
You can select only a TACACS+ server that has been added to the Fortinet TACACS+ configuration. For more information, see “TACACS+ servers”.
Contact Info
Provide the email address or SMS cell number at which the user will receive token password codes. For custom SMS service, you must first enter the SMS service provider in System > Config > Messaging Servers before you can select it from the drop-down list. See “FortiToken”.
Enable Two-factor Authentication
Select to enable two-factor authentication.
Then select the Token (FortiToken or FortiToken Mobile) for this user account. See “Associating FortiTokens with accounts”.
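The User page shows each account's Type and Two-factor Authentication status one row at a time; the following added example (not part of the Fortinet documentation) produces the same view from a saved configuration file and marks enabled accounts that have no two-factor authentication for review. The CLI keywords it reads (config user local, set type, set status, set two-factor) and their defaults are assumptions based on FortiOS configuration-backup syntax and do not appear on this page; the sample configuration is constructed.

```python
# Constructed excerpt in FortiOS config-backup syntax (not from a real unit).
SAMPLE_CONFIG = """\
config user local
    edit "alice"
        set type password
        set two-factor fortitoken
    next
    edit "bob"
        set type password
    next
    edit "carol"
        set type ldap
    next
    edit "dave"
        set status disable
        set type radius
    next
end
"""

def parse_local_users(config_text):
    """Return {user name: {setting: value}} from the 'config user local' table."""
    users, current, in_table = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("config user local", "end"):
            in_table, current = line != "end", None  # enter or leave the table
        elif in_table and line.startswith("edit "):
            current = users.setdefault(line[5:].strip().strip('"'), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return users

def audit(users):
    """Rows mirroring the User page columns (assumed defaults: enabled, no 2FA)."""
    rows = []
    for name, s in users.items():
        enabled = s.get("status", "enable") != "disable"
        two_factor = s.get("two-factor", "disable") != "disable"
        rows.append({"user": name, "type": s.get("type", "unspecified"),
                     "enabled": enabled, "two_factor": two_factor,
                     "review": enabled and not two_factor})
    return rows

if __name__ == "__main__":
    print(*audit(parse_local_users(SAMPLE_CONFIG)), sep="\n")
```

Disabled accounts are listed but not marked for review, since the Disable setting already prevents them from authenticating.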