Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiEDR/XDR 5.2.1 Administration Guide
    5.2.1
    6.2.0
    6.0.0
    5.2.1
    5.2.0
    5.1.0
    5.0.0
    4.2.0
    4.1.1
    4.1.0

    Users

    Users

    The USERS option specifies who is allowed to use the FortiEDR Central Manager console. During installation of the FortiEDR Central Manager, you must specify the user name and password of the first FortiEDR Central Manager console user. This is the only user who can log in to the FortiEDR Central Manager console for the first time.

    To add a user:
    1. Click the Add User button ().
    2. Fill in the displayed window.

    3. Define this user’s password. Make sure to remember it and notify the user about this password.
    4. Select the user’s role. The system comes with the following predefined user roles:

      Role

      Description

      AdminHighest-level super user that can perform all operations in the FortiEDR Central Manager console for the organization.
      Senior Analyst

      Analysts supervisor who can define security policies in addition to all the actions that can be performed by an Analyst.

      Similar to admin users but without system configuration privileges under the ADMINISTRATION tab. A senior analyst can view information and perform actions, such as marking security events as handled, changing policies and defining exceptions, but cannot access the system configuration options under the ADMINISTRATION tab.

      Analyst

      SOC/MDR service analyst who can perform actions as required in the day-to-day activities of handling events.

      Similar to senior analyst users but without access to security configuration. An analyst can view information and perform actions, such as marking security events as handled, but cannot access the ADMINISTRATION tab or define/change policies.

      IT

      IT staff who can define settings related to the FortiEDR integration with the customer ecosystem.

      This role has system configuration access only. They can deploy and upgrade system components and perform system integration with external systems using the ADMINISTRATION tab but do not have access to other areas, such as security configuration, alert monitoring, or Forensics options.

      Read-Only

      Basic role with read-only access to all functions except system configuration.

      Note

      For Multi-tenancy (organizations) systems, you can also configure the user with role-specific access to all organizations.

    5. Select any advanced options as needed. Some options are available to users with specific permissions only.

      Option

      Description

      Rest API

      Specifies whether to allow the user to access the FortiEDR Central Manager through API calls.

      Note

      For more information about APIs, see the FortiEDR RESTful API Guide. You must log in to the Fortinet Developer Network to access the guide.

      Custom script

      Specifies whether to allow the user to upload and manage (add, modify and delete) Python scripts that call third-party system APIs (see Integrations). Those scripts will then be automatically triggered by FortiEDR as incident responses.

      Note

      This option is only available to users with Admin and IT permissions.

      Establish FortiEDR Connect sessions Specifies whether to allow the user to use FortiEDR Connect capabilities which provide direct access to FortiEDR-protected devices running on Windows through a remote Shell connection, as described in FortiEDR Connect.
      Note

      This option is only available to users with Admin, Analyst, and Senior Analyst permissions. This option takes effect only when the Allow FortiEDR Connect - Remote Shell Connection checkbox is selected under Administration > Tools, which means the FortiEDR Connect functionality is enabled at the organization level.

    6. Select the Require two-factor authentication for this user checkbox if you want to require two-factor authentication for the user.
    7. Click Save.
    Previous
    Next

    Users

    Users

    The USERS option specifies who is allowed to use the FortiEDR Central Manager console. During installation of the FortiEDR Central Manager, you must specify the user name and password of the first FortiEDR Central Manager console user. This is the only user who can log in to the FortiEDR Central Manager console for the first time.

    To add a user:
    1. Click the Add User button ().
    2. Fill in the displayed window.

    3. Define this user’s password. Make sure to remember it and notify the user about this password.
    4. Select the user’s role. The system comes with the following predefined user roles:

      Role

      Description

      AdminHighest-level super user that can perform all operations in the FortiEDR Central Manager console for the organization.
      Senior Analyst

      Analysts supervisor who can define security policies in addition to all the actions that can be performed by an Analyst.

      Similar to admin users but without system configuration privileges under the ADMINISTRATION tab. A senior analyst can view information and perform actions, such as marking security events as handled, changing policies and defining exceptions, but cannot access the system configuration options under the ADMINISTRATION tab.

      Analyst

      SOC/MDR service analyst who can perform actions as required in the day-to-day activities of handling events.

      Similar to senior analyst users but without access to security configuration. An analyst can view information and perform actions, such as marking security events as handled, but cannot access the ADMINISTRATION tab or define/change policies.

      IT

      IT staff who can define settings related to the FortiEDR integration with the customer ecosystem.

      This role has system configuration access only. They can deploy and upgrade system components and perform system integration with external systems using the ADMINISTRATION tab but do not have access to other areas, such as security configuration, alert monitoring, or Forensics options.

      Read-Only

      Basic role with read-only access to all functions except system configuration.

      Note

      For Multi-tenancy (organizations) systems, you can also configure the user with role-specific access to all organizations.

    5. Select any advanced options as needed. Some options are available to users with specific permissions only.

      Option

      Description

      Rest API

      Specifies whether to allow the user to access the FortiEDR Central Manager through API calls.

      Note

      For more information about APIs, see the FortiEDR RESTful API Guide. You must log in to the Fortinet Developer Network to access the guide.

      Custom script

      Specifies whether to allow the user to upload and manage (add, modify and delete) Python scripts that call third-party system APIs (see Integrations). Those scripts will then be automatically triggered by FortiEDR as incident responses.

      Note

      This option is only available to users with Admin and IT permissions.

      Establish FortiEDR Connect sessions Specifies whether to allow the user to use FortiEDR Connect capabilities which provide direct access to FortiEDR-protected devices running on Windows through a remote Shell connection, as described in FortiEDR Connect.
      Note

      This option is only available to users with Admin, Analyst, and Senior Analyst permissions. This option takes effect only when the Allow FortiEDR Connect - Remote Shell Connection checkbox is selected under Administration > Tools, which means the FortiEDR Connect functionality is enabled at the organization level.

    6. Select the Require two-factor authentication for this user checkbox if you want to require two-factor authentication for the user.
    7. Click Save.
    Previous
    Next