Fortinet Document Library

Version:

22.2.0

Table of Contents

Identity & Access Management (IAM)

22.2.0
22.2.0
Download PDF
Copy Link

Managing IAM user groups

You can update the members in a group and their permissions from the Group Information page. Use the Status setting to temporarily suspend a group's permissions.

The IAM User Group page displays the following information:

Column

Description
Group Name The name of the user group.
Number of Users

The number of users assigned to the group.
Description The description of the group.
Updated The date the group was updated.
Status The group's status (Active/Disabled)
To update group details:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The IAM User Groups > <name> pane is displayed.

  3. Click Edit.
  4. Update the Group Name, Status, and Description, and then click Update.
To disable a user group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Select a group(s) in the list.
  3. Click Disable. The Permission Changed Confirmation dialog opens.
  4. Click Yes. The group's Status is changed to Disabled and the members' portal permissions are suspended until you re-activate the group.

To activate a user group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The IAM User Group > <group_name> page is displayed.
  3. Click Edit.
  4. From the Status dropdown, select Active.

  5. Click Update. The group's Status changes to Active and the members' portal permissions are restored.
To delete a user group:
Note

You cannot delete a group that has members or a group with Status of Disabled.
  1. Go to IAM User Groups.
  2. Select the user group(s), and click Delete. The Permission Changed Confirmation dialog is displayed.
  3. Click Yes. The group is removed from the list.

Adding and removing users

Add or remove users from the Users tab in the group details page.

To add users to a group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Select a user group, and click Add User. The Add User:<group_name> dialog appears.
  3. Select users from the list. You can filter the list with the Filter Users by Group dropdown, or use the Search field to find a specific user.
  4. Click Add.
Tooltip

You can also add users to a group from the Users tab in the group details.
To remove a user from a group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The Manage IAM User Group > <group_name> page is displayed.
  3. Click the Users tab.

  4. Select the user(s), and then click Remove User. The Remove User from User Group dialog opens.
  5. Configure the user's portal permissions and click Confirm. If you do not configure the permissions the user will lose access to the portal.

  6. Click Confirm.

Assigning portal and service permissions to a group

Use the Asset Permissions setting to manage the assets group members can access. Asset Permissions are mapped to the Asset Folders in the Asset Management portal. For information, see FortiCloud Asset Management Guide > Organizing assets.

To update portal and service permissions:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The Manage IAM User Group > <group_name> page is displayed.
  3. Click the Group Permissions tab.
  4. In the Portal Permissions area, click the Edit button next to an asset.
  5. Configure the user portal permissions:
    6. Permission Description
    Allow Portal Access

    Toggle Yes to allow access to a portal.
    Access Type

    The Access Type is defined by the portal. For example, the access types for Asset Management are:

    • Admin

    • Read Only

    • Read/Write

    Whereas the access types for FortiOS SSO are:

    • SuperAdmin

    • Read Only
    Additional Permission

    Additional permissions vary depending on the portal.

    Asset Management:

    • Recieve Renewal Notification

    FortiCare (Read Only or Read/Write)

    • Customer Serivce

    • Technical Assistance

    • RMA/DOA

    Note

    Some portals have user roles that are specific to that portal. When a portal has a unique user role, the Custom option is displayed. For information about the role, see the product's documentation.
  6. Click Confirm.
  7. Configure the Cloud Management & Services settings.
    1. Click the plus (+) sign, and select a service from the list.
    2. Click the Edit button.
    3. Configure the service permissions.
      4. Permission Description
      Allow Portal Access Toggle Yes to grant access to the service.
      AccessType

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only
    4. Click Confirm.
  8. Click Update.

Managing IAM user groups

You can update the members in a group and their permissions from the Group Information page. Use the Status setting to temporarily suspend a group's permissions.

The IAM User Group page displays the following information:

Column

Description
Group Name The name of the user group.
Number of Users

The number of users assigned to the group.
Description The description of the group.
Updated The date the group was updated.
Status The group's status (Active/Disabled)
To update group details:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The IAM User Groups > <name> pane is displayed.

  3. Click Edit.
  4. Update the Group Name, Status, and Description, and then click Update.
To disable a user group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Select a group(s) in the list.
  3. Click Disable. The Permission Changed Confirmation dialog opens.
  4. Click Yes. The group's Status is changed to Disabled and the members' portal permissions are suspended until you re-activate the group.

To activate a user group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The IAM User Group > <group_name> page is displayed.
  3. Click Edit.
  4. From the Status dropdown, select Active.

  5. Click Update. The group's Status changes to Active and the members' portal permissions are restored.
To delete a user group:
Note

You cannot delete a group that has members or a group with Status of Disabled.
  1. Go to IAM User Groups.
  2. Select the user group(s), and click Delete. The Permission Changed Confirmation dialog is displayed.
  3. Click Yes. The group is removed from the list.

Adding and removing users

Add or remove users from the Users tab in the group details page.

To add users to a group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Select a user group, and click Add User. The Add User:<group_name> dialog appears.
  3. Select users from the list. You can filter the list with the Filter Users by Group dropdown, or use the Search field to find a specific user.
  4. Click Add.
Tooltip

You can also add users to a group from the Users tab in the group details.
To remove a user from a group:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The Manage IAM User Group > <group_name> page is displayed.
  3. Click the Users tab.

  4. Select the user(s), and then click Remove User. The Remove User from User Group dialog opens.
  5. Configure the user's portal permissions and click Confirm. If you do not configure the permissions the user will lose access to the portal.

  6. Click Confirm.

Assigning portal and service permissions to a group

Use the Asset Permissions setting to manage the assets group members can access. Asset Permissions are mapped to the Asset Folders in the Asset Management portal. For information, see FortiCloud Asset Management Guide > Organizing assets.

To update portal and service permissions:
  1. Go to IAM User Groups. The IAM User Groups pane is displayed.
  2. Click the Group Name. The Manage IAM User Group > <group_name> page is displayed.
  3. Click the Group Permissions tab.
  4. In the Portal Permissions area, click the Edit button next to an asset.
  5. Configure the user portal permissions:
    6. Permission Description
    Allow Portal Access

    Toggle Yes to allow access to a portal.
    Access Type

    The Access Type is defined by the portal. For example, the access types for Asset Management are:

    • Admin

    • Read Only

    • Read/Write

    Whereas the access types for FortiOS SSO are:

    • SuperAdmin

    • Read Only
    Additional Permission

    Additional permissions vary depending on the portal.

    Asset Management:

    • Recieve Renewal Notification

    FortiCare (Read Only or Read/Write)

    • Customer Serivce

    • Technical Assistance

    • RMA/DOA

    Note

    Some portals have user roles that are specific to that portal. When a portal has a unique user role, the Custom option is displayed. For information about the role, see the product's documentation.
  6. Click Confirm.
  7. Configure the Cloud Management & Services settings.
    1. Click the plus (+) sign, and select a service from the list.
    2. Click the Edit button.
    3. Configure the service permissions.
      4. Permission Description
      Allow Portal Access Toggle Yes to grant access to the service.
      AccessType

      The Access Type is defined by the portal. For example, the access types for Asset Management are:

      • Admin

      • Read Only

      • Read/Write

      Whereas the access types for FortiOS SSO are:

      • SuperAdmin

      • Read Only
    4. Click Confirm.
  8. Click Update.