When using LDAP, RADIUS queries or certificates to authenticate FortiWeb administrators, you must group queries or certificates for administrator accounts into a single set so that it can be used when configuring an administrator account.
1. Before you can add administrators to a group, you must first define an LDAP/RADIUS query or a PKI user whose result set includes those administrator accounts. For details, see Configuring LDAP queries, Configuring RADIUS queries and/or To create a PKI user.
2. Go to User > User Group > Admin Group.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Auth Users category. For details, see Permissions.
3. Click Create New.
A dialog appears.
4. In Name, type a name that can be referenced by other parts of the configuration, such as admin-remote-auth1
. Do not use special characters. The maximum length is 35 characters.
5. Click OK.
The Create New button for this item, below its name, will no longer be greyed out, indicating that it has become available.
6. Click Create New.
A dialog appears that enables you to add queries to the group.
7. For User Type, select either the LDAP User, RADIUS User or PKI User query type.
8. From Name, select the name of an existing LDAP/RADIUS query or PKI user. (The contents of the drop-down list vary by your previous selection in User Type.)
9. Click OK.
10. Repeat the previous steps for each query that you want to use when an account using this query group attempts to authenticate.
11. To apply the set of queries, select the group name for Admin User Group when you configure an administrator account (see Administrators).