Fortinet white logo
Fortinet white logo

Handbook

Manage administrator users

Manage administrator users

This topic includes the following information:

Administrator user overview

In its factory default configuration, FortiADC has one administrator account named admin. The user of this account has permissions that grant read-write access to all system functions.

Unlike other administrator accounts, this default admin cannot be deleted. The admin account is similar to a root administrator account. This account always has full permission to view and change all system configuration options, including viewing and changing all other administrator accounts. You cannot alter the name and permissions of this default admin account.

To prevent accidental changes to the configuration, it is best that only network administrators, and if possible, only a single person, use the admin account.

You can use the admin account to configure more administrator accounts for other users. Accounts can be created with different levels of access. If you require such role-based access control (RBAC) restrictions, or if you simply want to harden security or prevent inadvertent changes to other administrators’ areas, you can do so using access profiles. For example, you can create an account for a security auditor who must only be able to view the configuration and logs, but not change them.

Basic steps
  1. Create administrator user accounts with permissions provisioned by the profiles.
  2. Configure access profiles to provision permissions to roles.
  3. Enable password policies.

Manage administrator users

Manage administrator users

This topic includes the following information:

Administrator user overview

In its factory default configuration, FortiADC has one administrator account named admin. The user of this account has permissions that grant read-write access to all system functions.

Unlike other administrator accounts, this default admin cannot be deleted. The admin account is similar to a root administrator account. This account always has full permission to view and change all system configuration options, including viewing and changing all other administrator accounts. You cannot alter the name and permissions of this default admin account.

To prevent accidental changes to the configuration, it is best that only network administrators, and if possible, only a single person, use the admin account.

You can use the admin account to configure more administrator accounts for other users. Accounts can be created with different levels of access. If you require such role-based access control (RBAC) restrictions, or if you simply want to harden security or prevent inadvertent changes to other administrators’ areas, you can do so using access profiles. For example, you can create an account for a security auditor who must only be able to view the configuration and logs, but not change them.

Basic steps
  1. Create administrator user accounts with permissions provisioned by the profiles.
  2. Configure access profiles to provision permissions to roles.
  3. Enable password policies.