Fortinet Document Library

Version: 22.2.0

FAQ

Can anyone access the IAM portal or does it require special permissions?

Any Account Owner (the person who created the account, also known as the Master user) can access the IAM portal. IAM Users have access to the portal based on the permissions set by the Master user (e.g. admin, read only, read write).

Do I need to be a Master user to create IAM users?

Master users can create IAM Users. IAM Users with Admin/Read-Write permissions to the IAM portal can also create IAM Users. See Adding IAM users.

Which FortiCloud portals support IAM users?

Most FortiCloud portals include IAM User support. Refer to the product portal admin guides for more information about IAM User support and permissions.

Why are you changing user management?

FortiCloud supports many cloud services all accessible with a unified FortiCloud account. IAM introduces granular access control for various cloud services and improved common user management for all services. For example, an IAM User can be created by an admin with access to specific services with a designated role such as admin or read only.

What benefit does IAM offer me?

IAM provides in-depth access and permission control for services. Granular permissions provide additional security and strong access control for account admins.

Can I still create traditional sub accounts?

Yes; however, we strongly recommend migrating your users to the IAM portal to take advantage of the security features. The IAM portal includes a sub user migration wizard for easy migration.

Will you stop supporting sub accounts, and if so, when?

While both models co-exist currently, the legacy user management model is expected to be deprecated in the near future. The timeline for deprecation will be communicated later.

What limitations do legacy sub accounts have?

Legacy sub accounts have limited permission controls. The IAM permission model enhances access control with fine-grained permissions for various cloud products and services.

What is the Alias for IAM users?

Each account is identified with a unique Account ID. Instead of remembering the Account ID, the account admin can set an alias (a unique string) to easily identify the account. An account alias can be used by IAM Users when they log in to a portal.

Is an Alias required?

Adding an account alias is optional. IAM Users can use the Account ID or, if one is set, the Account Alias.

Can I modify or change the Alias?

Yes, admins can update the alias from the My Account menu in the top menu bar.

How do I set a password for an IAM user?

When an IAM User is created, the system generates a temporary password that the IAM User can log in with. After the IAM User is logged in, they can set a new password of their choice. See Adding IAM users.

Do I have to provide new IAM users with the generated password file?

Admins should provide the initial system-generated password to the IAM User. After that, the IAM User can reset the password at any time using the Security Credentials menu from the top menu bar.

How do I reset an IAM user's password?

Admins (Master user or IAM User with Admin/Read-Write permissions) can always generate new temporary passwords from the IAM User profile in the IAM portal. See Generating passwords.

Can admins update or edit an IAM User's permissions to portals or assets?

Yes. An admin (Master user or IAM User with Admin/Read-Write permissions) can change the permissions from the IAM portal after creating the IAM User. See Updating user permissions.

Can I change an IAM User's individual permissions in an IAM User Group?

Once an IAM User is added to an IAM User Group, only Group permissions apply. See Managing IAM user groups.

How do IAM Users log in to the FortiCloud account?

On the Login screen, select Login as IAM User and enter the Account ID (or Alias), IAM Username and password.

Can I access the IAM portal with my Partner account?

No. The IAM portal is not available in the Services menu when you log in with a Partner account.

Why am I being forced to use two-factor authentication to log into a portal?

When Two-Factor Authentication (2FA) is enabled at the account level, all users, including legacy sub-users, are forced to set up 2FA to log into the portal.

Legacy sub-users that use the same email address for multiple accounts may notice they can log into one account with an email address but are forced to log in with 2FA for another account. This is because one account has 2FA enabled while the other does not.

Users can disable 2FA for their account even when it is enabled at the account level. However, the user will not be able to log into the portal until 2FA is enabled again.
