Administration Guide

RADIUS attributes

Some services can receive information about an authenticated user through RADIUS vendor-specific attributes. FortiAuthenticator user groups and user accounts can include RADIUS attributes for Fortinet and other vendors.

Attributes in user accounts can specify user-related information. For example, the Default attribute Framed-IP-Address specifies the VPN tunnel IP address sent to the user by the Fortinet SSL VPN.

Attributes in user groups can specify more general information that applies to the whole group. For example, sending third-party vendor attributes to a switch could enable administrative-level login for all members of the Network_Admins group, or authorize the user at the correct privilege level on the system.

To add RADIUS attributes to a user or group:
  1. Go to Authentication > User Management > Local Users and select a user account to edit, or go to Authentication > User Management > User Groups and select a group to edit.
  2. In the RADIUS Attributes section, select Add RADIUS Attribute.
  3. Select the appropriate Vendor and Attribute ID.
  4. Set the RADIUS attribute Value Type to a Static or a Dynamic value.

    Note: The Value Type option depends on the Vendor and Attribute ID selection.

    The following restrictions apply to the new Dynamic option:

    • When the user group is a local or remote RADIUS group, the Dynamic option is only available if the RADIUS attribute type is String.

    • When the user group is a remote LDAP group, the Dynamic option is only available if the RADIUS attribute type is String or IP.

    • When the user group is a remote SAML or MAC group, the Dynamic option is not available.

  5. When Static is selected, enter the attribute's value in the Value field.

    When Dynamic is selected, select an option from the User attribute dropdown.

    The user attribute provides value(s) for the RADIUS attribute.

  6. Select OK to add the new attribute to the user or group.
  7. Repeat the above steps to add additional attributes as needed.
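
The attributes configured above reach the RADIUS client in the RFC 2865 type-length-value encoding. The following is an added example, not taken from the FortiAuthenticator guide, that encodes and decodes a Framed-IP-Address and a Fortinet vendor-specific attribute so you can review what an Access-Accept carries for a user or group. The vendor ID 12356 and Fortinet-Group-Name (ID 1) come from Fortinet's public RADIUS dictionary; the IP address, helper names, and the assumption that the vendor uses the RFC-recommended sub-attribute layout are constructed for illustration.

```python
import ipaddress
import struct

VSA_TYPE = 26                # RFC 2865 section 5.26, Vendor-Specific
FRAMED_IP_ADDRESS = 8        # RFC 2865 section 5.8
FORTINET_VENDOR_ID = 12356   # Fortinet's IANA enterprise number
FORTINET_GROUP_NAME = 1      # Fortinet-Group-Name in Fortinet's dictionary

def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type (1 byte), Length (1 byte, counts the 2-byte header), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def encode_vsa(vendor_id: int, vendor_type: int, value: bytes) -> bytes:
    """Wrap one vendor sub-attribute in a Vendor-Specific attribute."""
    sub = encode_attr(vendor_type, value)
    return encode_attr(VSA_TYPE, struct.pack("!I", vendor_id) + sub)

def parse_attrs(data: bytes):
    """Yield (type, value) pairs; reject truncated or inconsistent lengths."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("bad attribute length")
        yield attr_type, data[pos + 2:pos + length]
        pos += length

def describe(data: bytes):
    """Decode an attribute list into readable tuples for review."""
    out = []
    for attr_type, value in parse_attrs(data):
        if attr_type == VSA_TYPE and len(value) >= 4:
            vendor_id = struct.unpack("!I", value[:4])[0]
            for sub_type, sub_value in parse_attrs(value[4:]):
                out.append(("vsa", vendor_id, sub_type, sub_value))
        elif attr_type == FRAMED_IP_ADDRESS and len(value) == 4:
            out.append(("framed-ip", str(ipaddress.IPv4Address(value))))
        else:
            out.append(("attr", attr_type, value))
    return out

# Constructed sample: a per-user static attribute plus a group-level VSA.
SAMPLE = (
    encode_attr(FRAMED_IP_ADDRESS, ipaddress.IPv4Address("10.212.134.200").packed)
    + encode_vsa(FORTINET_VENDOR_ID, FORTINET_GROUP_NAME, b"Network_Admins")
)
```

Running `describe()` over the attribute section of a captured Access-Accept shows exactly which group or privilege values a RADIUS client will act on.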
