Fortinet white logo
Fortinet white logo

Administration Guide

Self-registration

Self-registration

When self-registration is enabled, users can request registration through the FortiAuthenticator login page. Self-registration can be configured so that a user request is emailed to the device administrator for approval.

When the account is ready for use, the user receives an email or SMS message with their account information.

To enable self-registration:
  1. Go to Authentication > Self-service Portal > Self-registration.
  2. Select Enable to enable self-registration.
  3. Optionally, configure the following settings:
    Require administrator approvalSelect to require that an administrator approves the user.
    Enable email to freeform addressesSelect to send self-registration requests to the email addresses entered in the Administrator email addresses field.
    Select User Groups allowed to approve new user registrationsSelect to send self-registration requests to specific user groups. Select the required approvers from the Available groups box and move them to the Chosen groups box.

    If enabled, the guests are given a dropdown list of approvers to choose from on the self-registration page. The FortiAuthenticator sends an approval request to that approver's email address. The list of approvers is the union of all the users/administrators who are members of the specified groups. Local, remote LDAP, and remote RADIUS groups are supported.
    Account expires afterEnable to specify an expiration for self-generated accounts after they are generated.
    Use mobile number as usernameIf enabled, after a successful registration, the user’s password is sent to them via SMS to confirm their identity.
    Place registered users into a groupSelect a group into which self-registered users are placed.
    Password creation

    Select how a password is created, either User-defined or Randomly generated.

    Enforce contact verification

    Enable/disable whether to enforce contact verification. If enabled, select whether to verify the user's email address or mobile number, or allow the user to decide between email address or mobile number.

    Account delivery options available to the user

    Choose how to send account information to the user, either SMS, Email, or Display on browser page.

    The Display on browser page option is only available if administrator approval is not required, i.e., the Require administrator approval option is disabled.

    SMS gateway

    Select an SMS gateway from the dropdown menu. See SMS gateways for more information.

    Required Field Configuration

    Select the fields that the user is required to populate when self-registering. Options include: First name, Last name, Email address, Address, City, State/Province, Country, Phone number, Mobile number, Custom field 1, Custom field 2, and Custom field 3.

    Note: By default, First name, Last name, and Email address are enabled.

    See Custom user fields for more information.

  4. Select Save to apply your changes.

Self-registration approval

The self-registration page is a customizable replacement message. The default replacement message contains a new optional field for the self-registering guest to select an approver. The list of approvers comes from the groups specified in the configuration. The dropdown list is populated with the explicit list of group members for local groups, remote RADIUS groups, and remote LDAP groups.

Each approver in the dropdown list is designated as "Lastname, Firstname". In cases where first and last name are not available, an approver is designated as "username" instead. Disabled user accounts are excluded from the list. User accounts without a configured email address are also excluded from the list.

To approve a self-registration request:
  1. Select the link in the Approval Required for... email message to open the New User Approval page in your web browser.
  2. Review the information and select either Approve or Deny, as appropriate.
  3. Approval is required only if Require administrator approval is enabled in the self-registration settings.

    If the request is approved, FortiAuthenticator sends the user an email or SMS message stating that the account has been activated.

How a user requests registration

A user can request registration, or self-register, from the FortiAuthenticator login screen.

To request registration:
  1. Browse to the IP address of FortiAuthenticator.
  2. Security policies must be in place on the FortiGate unit to establish these sessions.

  3. Select Register to open the user registration page.
  4. Fill in all the required fields and, optionally, fill in the Additional Information fields.
  5. Select Save to request registration.
  6. If administrator approval is not required and Display on browser page is enabled, the account details are immediately displayed to the user.

Self-registration

Self-registration

When self-registration is enabled, users can request registration through the FortiAuthenticator login page. Self-registration can be configured so that a user request is emailed to the device administrator for approval.

When the account is ready for use, the user receives an email or SMS message with their account information.

To enable self-registration:
  1. Go to Authentication > Self-service Portal > Self-registration.
  2. Select Enable to enable self-registration.
  3. Optionally, configure the following settings:
    Require administrator approvalSelect to require that an administrator approves the user.
    Enable email to freeform addressesSelect to send self-registration requests to the email addresses entered in the Administrator email addresses field.
    Select User Groups allowed to approve new user registrationsSelect to send self-registration requests to specific user groups. Select the required approvers from the Available groups box and move them to the Chosen groups box.

    If enabled, the guests are given a dropdown list of approvers to choose from on the self-registration page. The FortiAuthenticator sends an approval request to that approver's email address. The list of approvers is the union of all the users/administrators who are members of the specified groups. Local, remote LDAP, and remote RADIUS groups are supported.
    Account expires afterEnable to specify an expiration for self-generated accounts after they are generated.
    Use mobile number as usernameIf enabled, after a successful registration, the user’s password is sent to them via SMS to confirm their identity.
    Place registered users into a groupSelect a group into which self-registered users are placed.
    Password creation

    Select how a password is created, either User-defined or Randomly generated.

    Enforce contact verification

    Enable/disable whether to enforce contact verification. If enabled, select whether to verify the user's email address or mobile number, or allow the user to decide between email address or mobile number.

    Account delivery options available to the user

    Choose how to send account information to the user, either SMS, Email, or Display on browser page.

    The Display on browser page option is only available if administrator approval is not required, i.e., the Require administrator approval option is disabled.

    SMS gateway

    Select an SMS gateway from the dropdown menu. See SMS gateways for more information.

    Required Field Configuration

    Select the fields that the user is required to populate when self-registering. Options include: First name, Last name, Email address, Address, City, State/Province, Country, Phone number, Mobile number, Custom field 1, Custom field 2, and Custom field 3.

    Note: By default, First name, Last name, and Email address are enabled.

    See Custom user fields for more information.

  4. Select Save to apply your changes.

Self-registration approval

The self-registration page is a customizable replacement message. The default replacement message contains a new optional field for the self-registering guest to select an approver. The list of approvers comes from the groups specified in the configuration. The dropdown list is populated with the explicit list of group members for local groups, remote RADIUS groups, and remote LDAP groups.

Each approver in the dropdown list is designated as "Lastname, Firstname". In cases where first and last name are not available, an approver is designated as "username" instead. Disabled user accounts are excluded from the list. User accounts without a configured email address are also excluded from the list.

To approve a self-registration request:
  1. Select the link in the Approval Required for... email message to open the New User Approval page in your web browser.
  2. Review the information and select either Approve or Deny, as appropriate.
  3. Approval is required only if Require administrator approval is enabled in the self-registration settings.

    If the request is approved, FortiAuthenticator sends the user an email or SMS message stating that the account has been activated.

How a user requests registration

A user can request registration, or self-register, from the FortiAuthenticator login screen.

To request registration:
  1. Browse to the IP address of FortiAuthenticator.
  2. Security policies must be in place on the FortiGate unit to establish these sessions.

  3. Select Register to open the user registration page.
  4. Fill in all the required fields and, optionally, fill in the Additional Information fields.
  5. Select Save to request registration.
  6. If administrator approval is not required and Display on browser page is enabled, the account details are immediately displayed to the user.