Administration Guide

Identity and Account Management (IAM)

Previously, each FortiCloud customer account had one set of usernames (email addresses) and passwords. All devices were registered under one account, making it difficult to implement Roles in FortiCloud. To solve this, FortiAuthenticator allows you to configure IAM users and accounts. Each IAM user is unique to an IAM account, whereas each IAM account is unique to the FortiAuthenticator instance or cluster. For more information on IAM users, see IAM user in the Identity & Access Management 23.1.a Administration Guide.

To view IAM users and accounts, go to Authentication > User Management > IAM, and toggle between Users and Accounts.

The IAM users and accounts list provides the following options:

Create New

Select to create an IAM account or user.

Delete

Select to delete the selected IAM accounts or users.

Import

Select to import IAM users.

In the Import IAM Users window, enter information as shown in To create an IAM user.

Edit

Select to edit the selected IAM account.

In the Edit IAM Account window, enter information as shown in To create an IAM account.

To create an IAM account:
  1. Go to Authentication > User Management > IAM.
  2. Select Accounts, and then select Create New.
  3. Enter the following information:

    Account Name

    Enter the account name. The name must be unique among all the IAM accounts.

    Alias

    Enter an alias. The alias must be unique among all the IAM accounts.

  4. Click OK.

To create an IAM user:
  1. Go to Authentication > User Management > IAM.
  2. Select Users, and then select Create New.
  3. Enter the following information:

    Username

    Enter the username. The name must be unique within the selected IAM account.

    Administrator

    Enable to give this user administrator privileges.

    An administrator can manage users within the same account.

    Account

    From the dropdown, select the account to add this user to.

    Use the pen icon to edit the selected account, + to create a new IAM account, and x to delete the selected IAM account.

    User Type

    Select the user account type, either Local or Remote LDAP.

    Local User

    From the dropdown, select the local user. This option is only available when the User Type is Local.

    Remote LDAP server

    From the dropdown, select the Remote LDAP server. This option is only available when the User Type is Remote LDAP.

    LDAP User

    From the dropdown, select the LDAP user. This option is only available when the User Type is Remote LDAP.

  4. Click OK.
