User type | Authentication |
Local user | The username and password must match a user account stored on the FortiGate unit. Authentication by FortiGate security policy. |
Remote user | The username must match a user account stored on the FortiGate unit and the username and password must match a user account stored on the remote authentication server. FortiOS supports LDAP, RADIUS, and TACACS+ servers. |
Authentication server user | A FortiGate user group can include user accounts or groups that exist on a remote authentication server. |
FSSO user | With Fortinet Single Sign On (FSSO), users on a Microsoft Windows or Novell network can use their network authentication to access resources through the FortiGate unit. Access is controlled through FSSO user groups which contain Windows or Novell user groups as their members. |
PKI or Peer user | A Public Key Infrastructure (PKI) or peer user is a digital certificate holder who authenticates using a client certificate. No password is required, unless two-factor authentication is enabled. |
IM Users | IM users are not authenticated. The FortiGate unit can allow or block each IM user name from accessing the IM protocols. A global policy for each IM protocol governs access to these protocols by unknown users. |
Guest Users | Guest user accounts are temporary. The account expires after a selected period of time. |