Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiDeceptor 4.3.0 Administration Guide
    4.3.0
    6.0.1
    6.0.0
    5.3.2
    5.3.1
    5.3.0
    5.2.0
    5.1.0
    5.0.0
    4.3.0
    4.2.0
    4.1.1
    4.1.0
    4.0.2
    4.0.1
    4.0.0
    3.3.3
    3.3.2
    3.3.1
    3.3.0
    3.2.2
    3.2.1
    3.2.0
    3.1.1
    3.1.0
    3.0.2
    3.0.1
    3.0.0
    2.1.0
    2.0.0
    1.1.0
    1.0.1

    Administrators

    Administrators

    Use the System > Administrators page to configure administrator user accounts.

    If the admin user's Admin Profile does not have Read Write privilege under System > Admin Profiles, the user can only view and edit their own information.

    The following options are available:

    Create New

    Create a new administrator account.

    Edit

    Edit the selected entry.

    Delete

    Delete the selected entry.

    Test Login

    Test the selected user's login settings. If an error occurs, a debug message appears.

    The following information is displayed:

    Name

    The administrator account name.

    Type

    The administrator type:

    • Local
    • LDAP
    • RADIUS

    Profile

    The Admin Profile the user belongs to.
    To create a new user:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Click Create New.
    3. Configure the following:

      Administrator

      Name of the administrator account. The name must be 1 to 30 characters using upper-case letters, lower-case letters, numbers, or the underscore character (_) for Local and LDAP administrators.

      The character limit for RADIUS server administrators is 64 characters.

      Password, Confirm Password

      Password of the account. The password must be 6 to 64 characters using upper-case letters, lower-case letters, numbers, or special characters.

      This field is available when Type is set to Local.

      Type

      Select Local, LDAP, or RADIUS.

      LDAP Server

      When Type is LDAP, select an LDAP Server. For more information, see LDAP Servers.

      RADIUS Server

      When Type is RADIUS, select a RADIUS Server. For more information, see RADIUS Servers.

      Push notification to mobile if applicable

      Enable FortiToken push notifications for mobile devices.

      This option is available when Type is RADIUS.

      Admin Profile

      Select the Admin Profile.

      Trusted Host 1, Trusted Host 2, Trusted Host 3

      Enter up to three IPv4 trusted hosts. Only users from trusted hosts can access FortiDeceptor.

      Trusted IPv6 Host 1, Trusted IPv6 Host 2, Trusted IPv6 Host 3

      Enter up to three IPv6 trusted hosts. Only users from trusted hosts can access FortiDeceptor.

      Comments

      Enter an optional comment.

      Setting trusted hosts for administrators limits the computers an administrator can use to log into FortiDeceptor. When you identify a trusted host, FortiDeceptor only accepts the administrator’s login from the configured IP address or subnet. Attempts to log in with the same credentials from another IP address or subnet are dropped.

    4. Click OK.
    To edit a user account:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Select and account and click Edit.

      Only the admin user can edit its own settings.

      You must enter the old password before you can set a new password.

    3. Edit the account and click OK.
    To delete one or more user accounts:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Select the user account you want to delete.
    3. Click Delete and confirm that you want to delete the user.
    To test LDAP or RADIUS logins:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Select an LDAP or RADIUS user to test.
    3. Click Test Login.
    4. Enter the user password.
    5. Click OK.

      If an error occurs, a debug message appears.

    When a remote RADIUS server is configured for two-factor authentication, RADIUS users must enter a FortiToken code or the code from email/SMS to complete login or to test login.
    Previous
    Next

    Administrators

    Administrators

    Use the System > Administrators page to configure administrator user accounts.

    If the admin user's Admin Profile does not have Read Write privilege under System > Admin Profiles, the user can only view and edit their own information.

    The following options are available:

    Create New

    Create a new administrator account.

    Edit

    Edit the selected entry.

    Delete

    Delete the selected entry.

    Test Login

    Test the selected user's login settings. If an error occurs, a debug message appears.

    The following information is displayed:

    Name

    The administrator account name.

    Type

    The administrator type:

    • Local
    • LDAP
    • RADIUS

    Profile

    The Admin Profile the user belongs to.
    To create a new user:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Click Create New.
    3. Configure the following:

      Administrator

      Name of the administrator account. The name must be 1 to 30 characters using upper-case letters, lower-case letters, numbers, or the underscore character (_) for Local and LDAP administrators.

      The character limit for RADIUS server administrators is 64 characters.

      Password, Confirm Password

      Password of the account. The password must be 6 to 64 characters using upper-case letters, lower-case letters, numbers, or special characters.

      This field is available when Type is set to Local.

      Type

      Select Local, LDAP, or RADIUS.

      LDAP Server

      When Type is LDAP, select an LDAP Server. For more information, see LDAP Servers.

      RADIUS Server

      When Type is RADIUS, select a RADIUS Server. For more information, see RADIUS Servers.

      Push notification to mobile if applicable

      Enable FortiToken push notifications for mobile devices.

      This option is available when Type is RADIUS.

      Admin Profile

      Select the Admin Profile.

      Trusted Host 1, Trusted Host 2, Trusted Host 3

      Enter up to three IPv4 trusted hosts. Only users from trusted hosts can access FortiDeceptor.

      Trusted IPv6 Host 1, Trusted IPv6 Host 2, Trusted IPv6 Host 3

      Enter up to three IPv6 trusted hosts. Only users from trusted hosts can access FortiDeceptor.

      Comments

      Enter an optional comment.

      Setting trusted hosts for administrators limits the computers an administrator can use to log into FortiDeceptor. When you identify a trusted host, FortiDeceptor only accepts the administrator’s login from the configured IP address or subnet. Attempts to log in with the same credentials from another IP address or subnet are dropped.

    4. Click OK.
    To edit a user account:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Select and account and click Edit.

      Only the admin user can edit its own settings.

      You must enter the old password before you can set a new password.

    3. Edit the account and click OK.
    To delete one or more user accounts:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Select the user account you want to delete.
    3. Click Delete and confirm that you want to delete the user.
    To test LDAP or RADIUS logins:
    1. Log in using an account with Read/Write access and go to System > Administrators.
    2. Select an LDAP or RADIUS user to test.
    3. Click Test Login.
    4. Enter the user password.
    5. Click OK.

      If an error occurs, a debug message appears.

    When a remote RADIUS server is configured for two-factor authentication, RADIUS users must enter a FortiToken code or the code from email/SMS to complete login or to test login.
    Previous
    Next