Identity and Access Management (IAM) is a service that helps you control access to FortiCloud portals and assets. You can use the IAM portal to manage users, authentication credentials, and asset permissions.
The new IAM User type provides more control and flexibility when assigning user permissions. Save time creating new users by applying the permissions of an existing user to a new user or adding the user to a group. Account administrators can temporarily disable vulnerable IAM Users and enforce two-factor authentication at the account level. Migrate Sub Users to the IAM portal to manage all of your users in one place.
The IAM User model ensures users only have access to the portals and assets they require. IAM portal Administrators can select the FortiCloud portals a user can access and their access type. Asset permissions are based upon the folder structure in the Asset Management Portal. You can assign asset and portal permissions to an individual user or to a User Group.
Organize IAM Users into User Groups to assign portal and asset permissions to multiple users at the same time. You can create a group based on user roles, asset permissions, or any other category of your choosing. You can remove a user from a group without deleting their profile from the portal, or temporarily disable a vulnerable group.
Two-factor authentication (2FA) is fast and easy to configure and does not require a FortiToken account. IAM administrators can enforce 2FA for all users at the account level. If a user disables 2FA for their account, they cannot access Fortinet applications until they enable it again.
The IAM portal lets you quickly create and manage IAM API users for programmatic access to the API. IAM API User access types are specific to each portal.
External IdP roles allow IdP users to log in to a cloud portal through their organization's identity provider (IdP). With an External IdP role, you can create one role for many users while leveraging all of the benefits of the IAM User type. One account can have more than one External IdP role. Users with multiple roles must select a role before they can access a portal.
The IdP roles feature is in limited beta. New enrollment requests are not available at this time.