Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

User groups

Users can be assigned to groups during user account configuration (see Editing a user), or by editing the groups to add users to it.

To view the user groups list, go to Authentication > User Management > User Groups.

note icon

Note that user groups can be created for MAC devices. However, MAC devices will only be available to add in a MAC user group after devices have been created or imported. See MAC devices for more information.

To create a new user group:
  1. Go to Authentication > User Management > User Groups and select Create New.
  2. Enter the following information:
    Name Enter a name for the group.
    Type Select the type of group: Local, Remote LDAP, Remote RADIUS, or MAC.
    Users

    Select from available users and move them to the Selected users box to add them to the group.

    This option is only available if Type is Local.

    User retrieval

    Determine group membership by selecting either Specify an LDAP filter or Set a list of imported remote LDAP users.

    This option is only available if Type is Remote LDAP.

    Remote LDAP

    Select a remote LDAP server from the dropdown menu. At least one remote LDAP server must already be configured, see Remote authentication servers.

    This option is only available if Type is Remote LDAP.

    Remote RADIUS

    Select a remote RADIUS server from the dropdown menu. At least one remote RADIUS server must already be configured, see Remote authentication servers.

    This option is only available if Type is Remote RADIUS.

    LDAP filter

    Enter an LDAP filter. Optionally, select Test filter to ensure that the filter works as expected.

    This option is only available if Type is Remote LDAP and User retrieval is set to Specify an LDAP filter.

    LDAP users

    Select remote LDAP users from the Available LDAP users box and move them to the Selected LDAP users box to add them to the remote group.

    This option is only available if Type is Remote LDAP and User retrieval is set to Set a list of imported remote users.

    RADIUS users

    Select remote RADIUS users from the Available RADIUS users box and move them to the Selected RADIUS users box to add them to the remote group.

    This option is only available if Type is Remote RADIUS.

    MAC devices

    Select from available MAC devices and move them to the Selected MAC devices box to add them to the group.

    This option is only available if Type is MAC.

  3. Select OK to create the new group.
To edit a user group:
  1. In the user group list, select the group that you need to edit.
  2. Edit the settings as required. The settings are the same as when creating a new group.
  3. Select OK to apply your changes.

User groups for MAC-based RADIUS authentication

Once created, MAC user groups can then be used under the MAC-based authentication section of RADIUS clients, under Authentication > RADIUS Service > Clients. See RADIUS service for more information.

User groups

Users can be assigned to groups during user account configuration (see Editing a user), or by editing the groups to add users to it.

To view the user groups list, go to Authentication > User Management > User Groups.

note icon

Note that user groups can be created for MAC devices. However, MAC devices will only be available to add in a MAC user group after devices have been created or imported. See MAC devices for more information.

To create a new user group:
  1. Go to Authentication > User Management > User Groups and select Create New.
  2. Enter the following information:
    Name Enter a name for the group.
    Type Select the type of group: Local, Remote LDAP, Remote RADIUS, or MAC.
    Users

    Select from available users and move them to the Selected users box to add them to the group.

    This option is only available if Type is Local.

    User retrieval

    Determine group membership by selecting either Specify an LDAP filter or Set a list of imported remote LDAP users.

    This option is only available if Type is Remote LDAP.

    Remote LDAP

    Select a remote LDAP server from the dropdown menu. At least one remote LDAP server must already be configured, see Remote authentication servers.

    This option is only available if Type is Remote LDAP.

    Remote RADIUS

    Select a remote RADIUS server from the dropdown menu. At least one remote RADIUS server must already be configured, see Remote authentication servers.

    This option is only available if Type is Remote RADIUS.

    LDAP filter

    Enter an LDAP filter. Optionally, select Test filter to ensure that the filter works as expected.

    This option is only available if Type is Remote LDAP and User retrieval is set to Specify an LDAP filter.

    LDAP users

    Select remote LDAP users from the Available LDAP users box and move them to the Selected LDAP users box to add them to the remote group.

    This option is only available if Type is Remote LDAP and User retrieval is set to Set a list of imported remote users.

    RADIUS users

    Select remote RADIUS users from the Available RADIUS users box and move them to the Selected RADIUS users box to add them to the remote group.

    This option is only available if Type is Remote RADIUS.

    MAC devices

    Select from available MAC devices and move them to the Selected MAC devices box to add them to the group.

    This option is only available if Type is MAC.

  3. Select OK to create the new group.
To edit a user group:
  1. In the user group list, select the group that you need to edit.
  2. Edit the settings as required. The settings are the same as when creating a new group.
  3. Select OK to apply your changes.

User groups for MAC-based RADIUS authentication

Once created, MAC user groups can then be used under the MAC-based authentication section of RADIUS clients, under Authentication > RADIUS Service > Clients. See RADIUS service for more information.