Chapter 3 Authentication for FortiOS 5.0 : Users and user groups : Users : Local users : Creating users
  
Creating users
Before configuring any authentication, except RADIUS SSO, you must first create local users. For more about RADIUS SSO, see “SSO using RADIUS accounting records”.
When creating a new user, there are only two differences between a local and a remote user:
local users require a password to be configured
remote users do not require a password, but do require a remote authentication server to be configured
To create a local user - web-based manager
1. Go to User & Device > User > User Definition and select Create New.
2. Enter the username in the username field.
Select Password and type a password. Best practices dictate that the password be at least six characters long.
 
To authenticate this user using an external authentication server, select the Match user option for the appropriate type of server and select the server name. Password is not required. You must configure the remote server access first. See “Authentication servers”.
3. Optionally select Enable Two-factor Authentication to use that option with this user.
When enabled, additional options will be displayed. Select one of the following options and configure it as stated.
Select FortiToken, and choose the FortiToken serial number to associate with this user.
Select Email to and enter the user’s email address to email them the token code.
Select SMS, choose the Mobile Provider from the list, and enter the user’s mobile phone number that will receive the token code in a text message.
4. Select OK.
 
The Mobile Provider for SMS must be entered in the CLI using the config system sms-server command before it will be available to select in the web-based manager.
To create a local user - CLI examples
Locally authenticated user
config user local
edit user1
set type password
set passwd ljt_pj2gpepfdw
end
User authenticated on an LDAP server
config user local
edit user2
set type ldap
set ldap-server ourLDAPsrv
end
User authenticated on a RADIUS server
config user local
edit user3
set type radius
set radius-server ourRADIUSsrv
end
User authenticated on a TACACS+ server
config user local
edit user4
set type tacacs+
set tacacs+-server ourTACACS+srv
end
User authenticated with a FortiToken
config user local
edit user5
set type password
set passwd ljt_pj2gpepfdw
set two-factor fortitoken
set fortitoken 182937197
end
User authenticated using email
config user local
edit user6
set type password
set passwd ljt_pj4h7epfdw
set two-factor email
set email-to user6@sample.com
end
User authenticated using SMS text message
config system sms-server
edit "Sample Mobile Inc"
set mail-server mail.sample.com
end
 
config user local
edit user7
set type password
set passwd 3ww_pjt68dw
set two-factor sms
set sms-server custom
set sms-custom-server "Sample Mobile Inc"
set sms-phone 2025551234
end
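Checking user definitions before applying them
The following Python script is an added example, not part of the FortiOS documentation. It reads CLI text in the form shown above and reports local users whose settings are incomplete: a user type without its password or server, a two-factor method without its token, address or phone number, or a custom SMS provider that has not been defined under config system sms-server. The function names, finding strings and the sample user8 are constructed for this example, and keywords are assumed to be spelled with hyphens.

```python
import shlex

# Settings that each choice described on this page depends on.
NEEDS = {("type", t): [t + "-server"] for t in ("ldap", "radius", "tacacs+")}
NEEDS.update({
    ("type", "password"): ["passwd"],
    ("two-factor", "fortitoken"): ["fortitoken"],
    ("two-factor", "email"): ["email-to"],
    ("two-factor", "sms"): ["sms-phone", "sms-server"],
    ("sms-server", "custom"): ["sms-custom-server"],
})

def parse(text):
    """Read flat config/edit/set/end blocks; keys are normalised to hyphens."""
    tables, table, entry = {}, None, None
    for raw in text.splitlines():
        # Curly quotes pasted from documentation count as plain quotes.
        words = shlex.split(raw.replace("\u201c", '"').replace("\u201d", '"'))
        if not words:
            continue
        if words[0] == "config":
            table = tables.setdefault(" ".join(words[1:]), {})
        elif words[0] == "edit" and table is not None:
            entry = table.setdefault(words[1], {})
        elif words[0] == "set" and entry is not None:
            entry[words[1].replace("_", "-")] = " ".join(words[2:])
        elif words[0] == "end":
            table = entry = None
    return tables

def audit(text):
    """Return (user, finding) pairs for the entries under 'config user local'."""
    tables, findings = parse(text), []
    providers = tables.get("system sms-server", {})
    for user, cfg in tables.get("user local", {}).items():
        for (key, value), required in NEEDS.items():
            if cfg.get(key) == value:
                findings += [(user, "missing " + r) for r in required if r not in cfg]
        if cfg.get("two-factor", "disable") == "disable":
            findings.append((user, "no two-factor authentication"))
        custom = cfg.get("sms-custom-server")
        if custom is not None and custom not in providers:
            findings.append((user, "SMS provider not defined: " + custom))
    return findings

# Constructed input: SMS two-factor with no phone number and an undefined provider.
SAMPLE = ('config user local\nedit user8\nset type ldap\nset ldap-server ourLDAPsrv\n'
          'set two_factor sms\nset sms-server custom\nset sms-custom-server "Other Mobile"\nend')
print(audit(SAMPLE))
```

The script only checks that the settings are consistent with each other; it does not contact a FortiGate unit or confirm that a named LDAP, RADIUS or TACACS+ server exists.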