Grouping users
To denote which set of people is authorized to request specific URLs when configuring HTTP authentication offloading, you must create user groups.
A user group can include a mixture of local end-user accounts, LDAP queries, RADIUS queries, and NTLM queries. Therefore, on FortiWeb, a user group could be set of accounts, or it could be a set of queries instead.
To configure a user group
1. Before you can configure a user group, you must first configure one or more local end-user accounts or queries to remote authentication servers. See:
To access this part of the web UI, your administrator's account access profile must have
Read and
Write permission to items in the
Auth Users category. For details, see
“Permissions”.
2. Go to User > User Group > User Group.
3. Click Create New.
A dialog appears.
4. In Name, type a name that can be referenced by other parts of the configuration. Do not use special characters. The maximum length is 35 characters.
5. In Auth Type, select one of the authentication types:
• Basic — Clear text. This is the original and most compatible authentication scheme for HTTP. However, it is also the least secure as it sends the user name and password unencrypted to the server.
• Digest — Encrypts the password and thus is more secure than the basic authentication.
• NTLM — Uses a proprietary protocol of Microsoft and is considered to be more secure than basic authentication.
6. Click OK.
The Create New button for this item, below its name, will no longer be greyed out, indicating that it has become available.
7. Click Create New.
A dialog appears that enables you to add members to the group.
8. In User Type, select the type of user or user query you want to add to the group. Available options vary with the setting for the group’s Auth Type option.
You can mix user types in the group. However, if the authentication rule’s Auth Type does not support a given user type, all user accounts of that type will be ignored, effectively disabling them.
9. From User Name, select the name of an existing user account, LDAP query, or RADIUS query. Available options vary by your selection in User Type.
10. Click OK.
11. Repeat the previous steps for each user or query that you want to add to the group.
See also