Fortinet Document Library

Version:


Table of Contents

22.2.0
Download PDF
Copy Link

Adding IAM users

Use the Add IAM User wizard to configure a user's permissions and generate their login credentials. To save time, you can apply an existing user's permissions to the new user, or assign the user to a group. New users will have their own asset and portal permissions until you assign them to a group.

To add a new IAM user, you must:

Creating a new IAM user

You can create a new IAM user with the Add IAM User wizard.

To create an IAM user with the wizard:
  1. Go to IAM User. The IAM Users page opens.

  2. Click ADD IAM USER. The User Details pane opens.

  3. (Optional) Click Apply same permissions as existing User , and then select a user from the dropdown. You can configure the permissions later.

  4. Enter the user's details.

    Username Type the username with no spaces.
    Full Name Type the user's first and last name.
    Email Type the user's email address.
    Phone Select the country code from the dropdown, and type the user's phone number.
    Description (Optional) Type a description of the user.

  5. (Optional) Add the user to an IAM user group. See IAM user groups.

    1. Click IAM User Group, and select a group from the dropdown. The Effect Asset Permissions and the Effective Portal Permissions are displayed.

    2. Click Next, and proceed to Step 10.

  6. From the Asset Permissions dropdown, select an asset folder. See Asset and portal permissions

  7. Configure the Portal Permissions.

    1. Click the Edit button in the portal row.

      Permission Description
      Allow Portal Access

      Toggle Yes to allow access to a portal.

      Access Type

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only

      Additional Permission

      Additional permissions vary depending on the portal.

      Asset Management:

      • Recieve Renewal Notification

      FortiCare (Read Only or Read/Write)

      • Customer Serivce

      • Technical Assistance

      • RMA/DOA

      Note

      Some portals have user roles that are specific to that portal. When a portal has a unique user role, the Custom option is displayed. For information about the role, see the product's documentation.

    2. Click Confirm.

  8. Configure the Cloud Management & Servicespermissions.

    1. Click Add (+), then select a service from the list, and click ADD.

    2. Click the Edit button, and configure the portal permissions.

      Permission Description
      Allow Portal Access Toggle Yes to grant access to the service.
      AccessType

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only

    3. Click Confirm.

  9. Click Next. The Confirmation page is displayed.

  10. Review the user information, and click Confirm. The user's details are displayed on the Successful User Registration page.

Account credentials must be shared with the user. The account password can be configured using Generate Password. See Creating a password to configure the account password and share user credentials.

Creating a password

You can choose to create the new account password yourself or have the user create a personal password:

  • If you create the password, share the Account ID, Alias, Username, and new password with the user.

  • If the user will create the password, share the reset link, Account ID, Alias, and Username with the user.

To set the account password:
  1. On the Successful User Registration page, click Generate Password. The Login with the Generated Link dialog opens.

  2. Click Generate Password. A reset link is generated.

  3. Click Copy Reset Link. The reset link is copied to your clipboard.

  4. Paste the reset link into your browser. The Reset Password page opens and account credentials are displayed.

  5. Enter the password in the New Password and Confirm New Password fields.

  6. Click Submit. A confirmation message displays.

  7. Share the account credentials with the user.

Note

The Generate Password link can also be accessed on Security Credentials tab of the IAM Users > <Full Name> page. See Generating passwords.

New IAM users are required to perform a validation check the first time they log in to a portal. See Validating new IAM users.

Adding IAM users

Use the Add IAM User wizard to configure a user's permissions and generate their login credentials. To save time, you can apply an existing user's permissions to the new user, or assign the user to a group. New users will have their own asset and portal permissions until you assign them to a group.

To add a new IAM user, you must:

Creating a new IAM user

You can create a new IAM user with the Add IAM User wizard.

To create an IAM user with the wizard:
  1. Go to IAM User. The IAM Users page opens.

  2. Click ADD IAM USER. The User Details pane opens.

  3. (Optional) Click Apply same permissions as existing User , and then select a user from the dropdown. You can configure the permissions later.

  4. Enter the user's details.

    Username Type the username with no spaces.
    Full Name Type the user's first and last name.
    Email Type the user's email address.
    Phone Select the country code from the dropdown, and type the user's phone number.
    Description (Optional) Type a description of the user.

  5. (Optional) Add the user to an IAM user group. See IAM user groups.

    1. Click IAM User Group, and select a group from the dropdown. The Effect Asset Permissions and the Effective Portal Permissions are displayed.

    2. Click Next, and proceed to Step 10.

  6. From the Asset Permissions dropdown, select an asset folder. See Asset and portal permissions

  7. Configure the Portal Permissions.

    1. Click the Edit button in the portal row.

      Permission Description
      Allow Portal Access

      Toggle Yes to allow access to a portal.

      Access Type

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only

      Additional Permission

      Additional permissions vary depending on the portal.

      Asset Management:

      • Recieve Renewal Notification

      FortiCare (Read Only or Read/Write)

      • Customer Serivce

      • Technical Assistance

      • RMA/DOA

      Note

      Some portals have user roles that are specific to that portal. When a portal has a unique user role, the Custom option is displayed. For information about the role, see the product's documentation.

    2. Click Confirm.

  8. Configure the Cloud Management & Servicespermissions.

    1. Click Add (+), then select a service from the list, and click ADD.

    2. Click the Edit button, and configure the portal permissions.

      Permission Description
      Allow Portal Access Toggle Yes to grant access to the service.
      AccessType

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only

    3. Click Confirm.

  9. Click Next. The Confirmation page is displayed.

  10. Review the user information, and click Confirm. The user's details are displayed on the Successful User Registration page.

Account credentials must be shared with the user. The account password can be configured using Generate Password. See Creating a password to configure the account password and share user credentials.

Creating a password

You can choose to create the new account password yourself or have the user create a personal password:

  • If you create the password, share the Account ID, Alias, Username, and new password with the user.

  • If the user will create the password, share the reset link, Account ID, Alias, and Username with the user.

To set the account password:
  1. On the Successful User Registration page, click Generate Password. The Login with the Generated Link dialog opens.

  2. Click Generate Password. A reset link is generated.

  3. Click Copy Reset Link. The reset link is copied to your clipboard.

  4. Paste the reset link into your browser. The Reset Password page opens and account credentials are displayed.

  5. Enter the password in the New Password and Confirm New Password fields.

  6. Click Submit. A confirmation message displays.

  7. Share the account credentials with the user.

Note

The Generate Password link can also be accessed on Security Credentials tab of the IAM Users > <Full Name> page. See Generating passwords.

New IAM users are required to perform a validation check the first time they log in to a portal. See Validating new IAM users.