Self-registration
When self-registration is enabled, users can request registration through the FortiAuthenticator login page. Self-registration can be configured so that a user request is emailed to the device administrator for approval.
When the account is ready for use, the user receives an email or SMS message with their account information.
To enable self-registration:
- Go to Authentication > Self-service Portal > Self-registration.
- Select Enable to enable self-registration.
- Optionally, configure the following settings:
Require administrator approval Select to require that an administrator approves the user. Enable email to freeform addresses Select to send self-registration requests to the email addresses entered in the Administrator email addresses field. Select User Groups allowed to approve new user registrations Select to send self-registration requests to specific user groups. Select the required approvers from the Available groups box and move them to the Chosen groups box.
If enabled, the guests are given a dropdown list of approvers to choose from on the self-registration page. The FortiAuthenticator sends an approval request to that approver's email address. The list of approvers is the union of all the users/administrators who are members of the specified groups. Local, remote LDAP, and remote RADIUS groups are supported.Account expires after Enable to specify an expiration for self-generated accounts after they are generated. Use mobile number as username If enabled, after a successful registration, the user’s password is sent to them via SMS to confirm their identity. Place registered users into a group Select a group into which self-registered users are placed. Password creation Select how a password is created, either User-defined or Randomly generated.
Send account information via
Choose how to send account information to the user, either SMS, Email, or Display on browser page.
The Display on browser page option is only available if administrator approval is not required.
SMS gateway Select an SMS gateway from the dropdown menu. See SMS gateways for more information.
Required Field Configuration
Select the fields that the user is required to populate when self-registering. Options include: First name, Last name, Email, address, Address, City, State/Province, Country, Phone number, Mobile number, Custom field 1, Custom field 2, and Custom field 3.
See Custom user fields for more information.
- Select OK to apply your changes.
Self-registration approval
The self-registration page is a customizable replacement message. The default replacement message contains a new optional field for the self-registering guest to select an approver. The list of approvers comes from the groups specified in the configuration. The dropdown list is populated with the explicit list of group members for local groups, remote RADIUS groups, and remote LDAP groups.
Each approver in the dropdown list is designated as "Lastname, Firstname". In cases where first and last name are not available, an approver is designated as "username" instead. Disabled user accounts are excluded from the list. User accounts without a configured email address are also excluded from the list.
To approve a self-registration request:
- Select the link in the Approval Required for... email message to open the New User Approval page in your web browser.
- Review the information and select either Approve or Deny, as appropriate.
Approval is required only if Require administrator approval is enabled in the self-registration settings.
If the request is approved, FortiAuthenticator sends the user an email or SMS message stating that the account has been activated.
How a user requests registration
A user can request registration, or self-register, from the FortiAuthenticator login screen.
To request registration:
- Browse to the IP address of FortiAuthenticator.
- Select Register to open the user registration page.
- Fill in all the required fields and, optionally, fill in the Additional Information fields.
- Select OK to request registration.
Security policies must be in place on the FortiGate unit to establish these sessions.
If administrator approval is not required and Display on browser page is enabled, the account details are immediately displayed to the user.