Chapter 3 Authentication for FortiOS 5.0 : Users and user groups : Users : PKI or peer users
  
PKI or peer users
A PKI, or peer user, is a digital certificate holder. A PKI user account on the FortiGate unit contains the information required to determine which CA certificate to use to validate the user’s certificate. Peer users can be included in firewall user groups or peer certificate groups used in IPsec VPNs. For more on certificates, see “Certificates overview”.
To define a peer user you need:
a peer username
the text from the subject field of the user’s certificate, or the name of the CA certificate used to validate the user’s certificate