Adding Users

Complete these steps to add a user:

  1. Navigate to CMDB > Users > Ungrouped.
  2. Click New to create a new user.
  3. In the New User dialog box, enter the detailed information about this user:
    1. Add the user profile information including User Name, Full Name, Job Title and Company.
    2. Click the drop-down list to select the Importance of this user - "Normal", "Important", "Critical", or "Mission Critical".
    3. Enable Active if this is an active user.
    4. Enter the user's Domain.
    5. Enter the user's Distinguished Name DN.
    6. For User Lockout, select Unlock by Administrator or Delay next login for ## minutes. If Delay next login for ## minutes is selected, enter the number of minutes the user will be unable to log into the system after three successive authentication failures.
    7. Select the Inactivity Lockout if you wish to enable lockout after a period of inactivity.
    8. For Password Reset, enter the number of days after which a user’s current password for logging in to the system will automatically expire. If left blank, the user's password will never expire. 
    9. For Idle Timeout, enter the number of minutes after which an inactive user will be logged out. 
    10. Enter the Employee ID of the user.
    11. Select the Manager to which this user belongs.
    12. For System Admin, enable by selecting the System Admin checkbox.
      1. For Mode, select Local or External.
        If you select Local, enter and then reconfirm the user password. For External, see Authentication Settings for more information about using external authentication.
        Note: If more than one authentication profile is associated with a user, then the servers will be contacted one-by-one until a connection to one of them is successful. Once a server has been contacted, if the authentication fails, the process ends, and the user is notified that the authentication failed.
      2. Select a Default Role for the user.
        See the topic Role Settings for a list of default roles and permission. You can also create new roles, which will be available in this menu after you create them. 

        If this System Admin user should be allowed to approve de-anonymization requests, ensure the Deobfuscation Approver role has been configured in Role Settings and that this configured role is selected here.

        If the System Admin user should be allowed to approve remediation requests, ensure the Remediation Approver role has been configured in Role Settings and that this configured role is selected here.
      3. Click Back when done.
    13. Click Contact Info to enter your personal contact information.
      1. Add user contact information to the appropriate contact information fields - Work Phone, Mobile Phone, Home Phone, SMS, SMS Provider, ZIP, Email, Address, City, State, and Country field.
      2. If your company uses S/MIME for email, make sure the Email field is filled out, and upload the S/MIME certificate in the Certificate field by clicking Upload, and selecting your certificate.
      3. Click Back when done.
    14. Enter any Description about the user.
  4. Click Save.

    The new user details appear in the list.

Notes:

  • When viewing this user list as a Super global user, you may see repetitions of a few User Names, where those names exist in multiple Organizations. This can be determined by checking the contents of the Organization column.
  • Repetition of User Names may also occur if an LDAP server has moved from one Organization to another and discovery of that LDAP server introduces users from the previous organization who may share the same user name. In this case, the administrator may wish to remove users that are no longer applicable.
  • An Agent User can be created by navigating to ADMIN > Setup > Organization, and clicking New or Edit. These types of Admin Users are not allowed to log into the UI. Their primary purpose is for Windows Agent registration against the FortiSIEM environment. See Setting Organizations and Collectors (Service Provider) for more information.