CLI Reference

config admin

Description: Configure user access.

config system admin
  edit <name>
    set *accprofile <name1>
    set remote-auth {enable | disable}
    set wildcard {enable | disable}
    set *password {string}
    set remote-group {group name}
    set trusthost1 {ipv4-address}
    set trusthost2 {ipv4-address}
    set trusthost3 {ipv4-address}
    set trusthost4 {ipv4-address}
    set trusthost5 {ipv4-address}
    set trusthost6 {ipv4-address}
    set trusthost7 {ipv4-address}
    set trusthost8 {ipv4-address}
    set trusthost9 {ipv4-address}
    set trusthost10 {ipv4-address}
    set allow-ssh {enable | disable}
  next
end

Sample command:

config system admin
  edit remote1
    set accprofile super_admin
    set remote-auth enable
    set wildcard enable
    set password ENC *
    set remote-group group1
    set trusthost1 192.168.200.110/24
    set trusthost2
    set trusthost3
    set trusthost4
    set trusthost5
    set trusthost6
    set trusthost7
    set trusthost8
    set trusthost9
    set trusthost10
    set allow-ssh enable
  next
end

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| accprofile | Access profile. | string | - | none |
| remote-auth | Enable/disable authentication using a remote RADIUS server. Options: enable: Enable authentication using a remote RADIUS server. disable: Disable authentication using a remote RADIUS server. | option | - | disable |
| wildcard | Enable/disable wildcard RADIUS authentication. Only one wildcard remote account is allowed to exist under system admin. Options: enable: Enable wildcard RADIUS authentication. When enabled, the remote user can share the account and log in without needing to create multiple user accounts. That means you can use the user and password pair stored in the remote server without needing to match the table name. disable: Disable wildcard RADIUS authentication. | option | - | disable |
| password | Admin user password. Note: If wildcard is enabled, you cannot set a password. | string | - | none |
| remote-group | Enter the FortiBranchSASE user group name you want to use for remote authentication. Note: If remote-auth is enabled, remote-group becomes mandatory. Otherwise remote-group is hidden. If remote-auth is enabled but wildcard is disabled, you must set a local password. If the RADIUS server is unreachable, FortiBranchSASE uses the local password. For other situations, such as if FortiBranchSASE receives a RADIUS reject message, the local password is omitted. | option | - | none |
| trusthost1 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost2 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost3 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost4 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost5 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost6 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost7 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost8 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost9 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| trusthost10 | Address or subnet address and netmask from which the administrator can connect to the device. | IPv4 address | - | none |
| allow-ssh | Enable/disable allowing the user to log in using SSH. Options: enable: The user can log in with SSH. disable: The user cannot log in with SSH. | option | - | enable |
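
The dependencies between remote-auth, wildcard, password and remote-group described above can be checked offline against a saved configuration. The following Python audit is an added example, not Fortinet code: the function names and the sample text are constructed for illustration, and reporting an account with no trusthost value as a review item is an assumption of the example, since this page does not state how such an account is treated.

```python
import re

# Constructed sample in the page's "config system admin" syntax (not from a real device).
SAMPLE = """\
config system admin
  edit remote1
    set remote-auth enable
    set wildcard enable
    set remote-group group1
    set trusthost1 192.168.200.110/24
  next
  edit remote2
    set remote-auth enable
    set wildcard enable
    set trusthost1
  next
  edit ops1
    set remote-auth enable
  next
end
"""

def parse_admins(text):
    """Return {admin name: {option: value}} from a 'config system admin' block."""
    admins, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["edit"] and len(tokens) == 2:
            current = admins.setdefault(tokens[1], {})
        elif tokens[:1] == ["set"] and len(tokens) >= 2 and current is not None:
            current[tokens[1]] = " ".join(tokens[2:])  # "" when no value is given
        elif tokens[:1] == ["next"]:
            current = None
    return admins

def audit(admins):
    """Check each account against the constraints stated in the parameter table."""
    wild = [n for n, a in admins.items() if a.get("wildcard") == "enable"]
    findings = [("*", "multiple wildcard accounts: " + ", ".join(wild))] if len(wild) > 1 else []
    for name, a in admins.items():
        remote = a.get("remote-auth") == "enable"  # documented default is disable
        if remote and not a.get("remote-group"):
            findings.append((name, "remote-auth enabled without remote-group"))
        if remote and a.get("wildcard") != "enable" and not a.get("password"):
            findings.append((name, "no local password for RADIUS-unreachable fallback"))
        if not any(v for k, v in a.items() if re.fullmatch(r"trusthost(10|[1-9])", k)):
            findings.append((name, "no trusthost value set"))  # review item (assumption)
    return findings

print(*audit(parse_admins(SAMPLE)), sep="\n")
```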
