Identity & Access Management (IAM)

24.1.0

Introduction

Identity & Access Management (IAM) is a service to help you control access to FortiCloud portals and assets. You can use the portal to manage users, authentication credentials, and asset permissions.

Key Features

Permission model

The permission model has been updated to a multi-dimensional permission model that provides fine-grained control and ease of use. It is built on the following two factors:

  • Permission Profile: Defines the enabled portals and the access permissions available to an assigned user. Instead of assigning portal permissions directly when creating an IAM user, external IdP role, and so on, the user is assigned to a permission profile. The permission profile must be created before being assigned to a user. Permission profiles can be assigned to multiple users and user groups.

  • Permission Scope: The permission scope defines the scope of access within the account. Management of the account is dependent on the available and selected scope.

IAM user

The IAM user type provides more control and flexibility when assigning user permissions. Save time creating new users by applying the permissions of an existing user to a new user or adding the user to a group. Account administrators can temporarily disable vulnerable IAM users and enforce Two-Factor Authentication at the account level. Migrate sub users to the IAM portal to manage all of your users in one place.

User Groups

Organize IAM users into user groups to assign portal and asset permissions to multiple users at the same time. You can create a group based on the user roles, asset permissions, or any other category of your choosing. Remove a user from a group without deleting their profile from the portal or temporarily disable a vulnerable group.

IAM API user

The IAM portal lets you quickly create and manage IAM API users for programmatic access to the API. IAM API user access types are specific to each portal.

External IdP roles

External IdP roles allow IdP users to log in to a cloud portal through their organization's identity provider (IdP). External IdP roles allow you to create one role for many users while leveraging all of the benefits of the IAM user type. One account can have more than one external IdP role. User accounts with multiple roles are required to select a role before they can access a portal.

Note

IdP roles are a limited beta feature.

Multi-factor Authentication (2FA)

Two-Factor Authentication is fast and easy to configure. Users can authenticate using FortiToken or with an emailed security token. IAM administrators can enforce 2FA for all users at the account level. If a user disables 2FA for their account, they cannot access Fortinet applications until they enable it again.
