Administrators : Grouping remote authentication queries for administrators
 
Grouping remote authentication queries for administrators
When using LDAP and RADIUS queries to authenticate FortiWeb administrators, you must group queries for administrator accounts into a single set so that it can be used when configuring an administrator account.
To configure an administrator remote authentication query group
1. Before you can add administrators to a group, you must first define an LDAP or RADIUS query whose result set includes those administrator accounts. For details, see “Configuring LDAP queries” and/or “Configuring RADIUS queries”.
2. Go to User > User Group > Admin Group.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Auth Users category. For details, see “Permissions”.
3. Click Create New.
A dialog appears.
4. In Name, type a name that can be referenced by other parts of the configuration, such as admin-remote-auth1. Do not use special characters. The maximum length is 35 characters.
5. Click OK.
The Create New button for this item, below its name, will no longer be greyed out, indicating that it has become available.
6. Click Create New.
A dialog appears that enables you to add queries to the group.
7. For User Type, select either the LDAP User or RADIUS User query type.
8. From Name, select the name of an existing LDAP or RADIUS query. (The contents of the drop-down list vary by your previous selection in User Type.)
9. Click OK.
10. Repeat the previous steps for each query that you want to use when an account using this query group attempts to authenticate.
11. To apply the set of queries, select the group name in Admin User Group when configuring an administrator account (see “Administrators”).