Identity & Access Management (IAM)

24.2.0

Permission profiles within Organizations

Permission profiles are required before you can create IAM users, user groups, and so on. Permission profiles allow you to define access to portals and the level of access within the portal, such as admin or read only permissions. If you have access to OUs in the Organization portal when you create an IAM user, user group, and so on, you must define a permission scope that allows current account access, OU access, or OU account access.

If you have organizations enabled and created in the Organization portal, permission profiles can be created for a specific OU or OU account using the Organization type, or the current account using the Local type. Once a permission profile is created, IAM users, user groups, and so on can be created and assigned to the permission profile.

To create a permission profile:
  1. Select Permission Profiles from the left-hand navigation menu. The Permission Profiles page opens.

  2. Select Add New. The New Portal Permission Profiles page is displayed.

  3. Enter a name for the profile in the Permission Profile Name field.

    Note

    Once the permission profile is saved, the permission profile type cannot be edited.

  4. Set the Status to Active.

  5. Enter a description of the portal permissions in the Description field.

  6. Select the profile type from the Choose A Type dropdown.

    Note

    Once the permission profile is saved, the type cannot be edited.

  7. Click Add Portal. A list of available portals is displayed.

  8. Select the portals you want to include in the permission profile.

  9. Click Add. The portals are displayed in cards.

  10. For each portal card, define portal permissions:

    Note

    If you want to deny access to a portal, add the portal to the permission profile but do not enable any resource or portal access.

    Excluding a portal from a permission profile does not deny access to that portal. If you do not add the portal to the permission profile, its status is considered undefined. The user may therefore still be able to access the portal from the Services dropdown menu if the portal itself provides open access to some features.

    • For portals with resource-based permission capabilities, specify the Resources access type.

    • For portals with role-based permissions, enable Access and specify the portal Access Type and any Additional Permissions.

  11. Click Save. The permission profile is now available to be assigned to users.
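
The note in step 10 distinguishes three states for a portal: granted, denied (added with no access enabled), and undefined (not added). The following is an added example, not Fortinet code: it audits a profile for undefined portals and produces the explicit-deny entries needed to close them. The dictionary layout, field names, and portal names are assumptions made for illustration and do not reflect any FortiCloud export format or API.

```python
from enum import Enum

class State(Enum):
    GRANTED = "granted"
    DENIED = "denied"        # portal added, no resource or portal access enabled
    UNDEFINED = "undefined"  # portal never added to the profile

# Constructed sample data (hypothetical portal names and field layout).
CATALOGUE = ["portal-a", "portal-b", "portal-c", "portal-d"]
SAMPLE_PROFILE = {
    "name": "helpdesk-readonly",
    "type": "Local",
    "portals": {
        "portal-a": {"access": True, "access_type": "Read Only"},  # role-based
        "portal-b": {"access": False, "resources": None},          # explicit deny
    },
}

def portal_state(profile, portal):
    """Classify one portal the way the note in step 10 describes."""
    entry = profile["portals"].get(portal)
    if entry is None:
        return State.UNDEFINED
    # Role-based portals use "access"; resource-based portals use "resources".
    if entry.get("access") or entry.get("resources"):
        return State.GRANTED
    return State.DENIED

def undefined_portals(profile, catalogue):
    """Portals whose status is undefined and may still be reachable."""
    return sorted(p for p in catalogue
                  if portal_state(profile, p) is State.UNDEFINED)

def with_explicit_denies(profile, catalogue):
    """Return a copy in which every undefined portal is added with no access."""
    hardened = {**profile, "portals": dict(profile["portals"])}
    for portal in undefined_portals(profile, catalogue):
        hardened["portals"][portal] = {"access": False, "resources": None}
    return hardened

if __name__ == "__main__":
    for portal in CATALOGUE:
        print(portal, portal_state(SAMPLE_PROFILE, portal).value)
    print("add with no access enabled:",
          undefined_portals(SAMPLE_PROFILE, CATALOGUE))
```
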
