Self-service portal policies
Self-service portals are accessed directly and allow local and remote users to self-manage their accounts.
- Go to Authentication > Portals > Policies, click Self-service portals and Create New.
The Self-Service Portal Policy Creation Wizard is launched.
- Enter the following information:
Policy type: Specify the name and type of the portal policy.
Enter a name for the policy.
Optionally, enter a description of the policy.
Allow self-service portal access is enabled by default.
Select a portal.
Identity sources: Specify the identity sources against which to authenticate the end-users.
Select one of the following three username input formats:
Add realms to which the client will be associated.
- Select a realm from the dropdown menu in the Realm column.
- Select whether or not to allow local users to override remote users for the selected realm.
- Select whether or not to use Windows AD domain authentication.
- Edit the group filter as needed to filter users based on the groups they are in.
- If necessary, add more realms to the list.
- Select the realm that will be the default realm for this client.
Authentication factors: Specify which authentication factors to verify.
Select one of the following:
- Mandatory two-factor authentication: Two-factor authentication is required for every user.
- Verify all configured authentication factors: Two-factor authentication is required if it is enabled on the user's account; otherwise, one-factor authentication is allowed.
- Password-only authentication: Authenticate users through password verification only. User accounts for which password authentication is disabled cannot be authenticated.
- Token-only authentication: Authenticate users through token verification only. User accounts for which token authentication is disabled cannot be authenticated.
Allow FortiToken Mobile push notifications: Toggle to enable or disable FortiToken Mobile push notifications for RADIUS users.
MAC address parameter: Select the MAC address parameter.
Reject usernames containing uppercase letters: Enable this setting to reject usernames that contain uppercase letters.
Restrict access based on end-user MAC address: Select the authorized MAC device groups. Authorized groups must be first created under Authentication > User Management > User Groups, where the Type is MAC.
- Click Save and exit.