Identity & Access Management (IAM)

24.1.0

Creating users, user groups, and roles within Organizations

New IAM users, user groups, and IdP roles can be created from the appropriate Identity & Access Management portal pages. When you configure the details, the Choose a Type and Permission Scope features can be used to define Local or Organization type, and the asset folder or OU path, respectively.

To create an IAM user:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Click Add New > IAM User. The User Details pane opens.
  3. (Optional) Click Apply same permissions as existing User, and then select a user from the dropdown. You can configure the permissions later.
  4. Enter the user's details and click Next.

    Username: Type the username with no spaces.
    Full Name: Type the user's first and last name.
    Email: Type the user's email address.
    Phone: Select the country code from the dropdown, and type the user's phone number.
    Description (Optional): Type a description of the user.

  5. (Optional) Add the user to an IAM user group. See User groups.

    1. Select Yes from Basic Info.

      A dropdown list of user groups is displayed.

    2. Select a user group from the dropdown.

    3. Click Next, and proceed to Step 10.

  6. Select the Organization user type from the Choose A Type dropdown list.

  7. Select the scope from the Permission Scope dropdown.

    Note

    Permission Scope options depend on the type you select in the previous step. For example, if the Organization type is selected, the OU scope will be selected here. The available scope will be applied in this case.

  8. In the Permissions Profile dropdown, select a profile. The Permission Details assigned to the selected profile are displayed.
  9. Click Next. The Confirmation page is displayed.
  10. Review the user information, and click Confirm. The user's details are displayed.

Account credentials must be shared with the user. The user can generate a password reset link and share it with the newly created IAM user.

To create a user group:
  1. Select User Groups from the left-hand navigation menu. The User Groups page opens.

  2. Click Add IAM User Group. The IAM User Group Information page is displayed.
  3. In the Group Name field, enter a name for the group.
  4. (Optional) In the Description field, describe the group.
  5. (Optional) Set the Status to Disabled. The status is Active by default.
  6. Click Next.
  7. Select the user type from the Choose A Type dropdown list.
  8. Select the scope from the Permission Scope dropdown.

    Note

    Permission Scope options depend on the type you select in the previous step. For example, if the Organization type is selected, the OU scope will be selected here. The available scope will be applied in this case.

  9. In the Permissions Profile dropdown, select a profile. The Permission Details assigned to the selected profile are displayed.
  10. Click Next. The Add IAM user(s) page is displayed.
  11. Assign users to the group.
    1. Click Add User.
    2. (Optional) Click Filter users by Group to view users in a group. Selecting a user in a group will remove the user from that group.
    3. (Optional) Enter a username in the search bar. As you type, partial results are returned.
    4. Select the users and click Add.
    5. Click Next. The Confirmation page is displayed.
  12. Review the group permissions, and click Confirm.

  13. (Optional) Click Add Another Group.

To add an external user role:
  1. Select Users from the left-hand navigation menu. The Users page opens.
  2. Click Add New > External IDP Role. The External IdP Role page opens.

  3. In the Role Name field, type the name of the role.
  4. (Optional) In the Description field, enter a description of the role.
  5. Select the Organization user type from the Choose A Type dropdown list.

  6. From the Permission Scope dropdown, select an asset folder or Organizational Unit.

    Note

    Permission Scope options depend on the type you select in the previous step. For example, if the Organization type is selected, the OU scope will be selected here. The available scope will be applied in this case.

  7. In the Permissions Profile dropdown, select a profile. The Permission Details assigned to the selected profile are displayed.
  8. Click Add Role.
