Fortinet black logo

Administration Guide

Home FortiEDR/XDR 5.2.1 Administration Guide
5.2.1
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0

Users

Users

The USERS option specifies who is allowed to use the FortiEDR Central Manager console. During installation of the FortiEDR Central Manager, you must specify the user name and password of the first FortiEDR Central Manager console user. This is the only user who can log in to the FortiEDR Central Manager console for the first time.

To add a user:
  1. Click the Add User button ().
  2. Fill in the displayed window.

  3. Define this user’s password. Make sure to remember it and notify the user about this password.
  4. Select the user’s role. The system comes with the following predefined user roles:

    Role

    Description

    AdminHighest-level super user that can perform all operations in the FortiEDR Central Manager console for the organization.
    Senior Analyst

    Analysts supervisor who can define security policies in addition to all the actions that can be performed by an Analyst.

    Similar to admin users but without system configuration privileges under the ADMINISTRATION tab. A senior analyst can view information and perform actions, such as marking security events as handled, changing policies and defining exceptions, but cannot access the system configuration options under the ADMINISTRATION tab.

    Analyst

    SOC/MDR service analyst who can perform actions as required in the day-to-day activities of handling events.

    Similar to senior analyst users but without access to security configuration. An analyst can view information and perform actions, such as marking security events as handled, but cannot access the ADMINISTRATION tab or define/change policies.

    IT

    IT staff who can define settings related to the FortiEDR integration with the customer ecosystem.

    This role has system configuration access only. They can deploy and upgrade system components and perform system integration with external systems using the ADMINISTRATION tab but do not have access to other areas, such as security configuration, alert monitoring, or Forensics options.

    Read-Only

    Basic role with read-only access to all functions except system configuration.

    Note

    For Multi-tenancy (organizations) systems, you can also configure the user with role-specific access to all organizations.

  5. Select any advanced options as needed. Some options are available to users with specific permissions only.

    Option

    Description

    Rest API

    Specifies whether to allow the user to access the FortiEDR Central Manager through API calls.

    Note

    For more information about APIs, see the FortiEDR RESTful API Guide. You must log in to the Fortinet Developer Network to access the guide.

    Custom script

    Specifies whether to allow the user to upload and manage (add, modify and delete) Python scripts that call third-party system APIs (see Integrations). Those scripts will then be automatically triggered by FortiEDR as incident responses.

    Note

    This option is only available to users with Admin and IT permissions.

    Establish FortiEDR Connect sessions Specifies whether to allow the user to use FortiEDR Connect capabilities which provide direct access to FortiEDR-protected devices running on Windows through a remote Shell connection, as described in FortiEDR Connect.
    Note

    This option is only available to users with Admin, Analyst, and Senior Analyst permissions. This option takes effect only when the Allow FortiEDR Connect - Remote Shell Connection checkbox is selected under Administration > Tools, which means the FortiEDR Connect functionality is enabled at the organization level.

  6. Select the Require two-factor authentication for this user checkbox if you want to require two-factor authentication for the user.
  7. Click Save.
Previous
Next

Users

The USERS option specifies who is allowed to use the FortiEDR Central Manager console. During installation of the FortiEDR Central Manager, you must specify the user name and password of the first FortiEDR Central Manager console user. This is the only user who can log in to the FortiEDR Central Manager console for the first time.

To add a user:
  1. Click the Add User button ().
  2. Fill in the displayed window.

  3. Define this user’s password. Make sure to remember it and notify the user about this password.
  4. Select the user’s role. The system comes with the following predefined user roles:

    Role

    Description

    AdminHighest-level super user that can perform all operations in the FortiEDR Central Manager console for the organization.
    Senior Analyst

    Analysts supervisor who can define security policies in addition to all the actions that can be performed by an Analyst.

    Similar to admin users but without system configuration privileges under the ADMINISTRATION tab. A senior analyst can view information and perform actions, such as marking security events as handled, changing policies and defining exceptions, but cannot access the system configuration options under the ADMINISTRATION tab.

    Analyst

    SOC/MDR service analyst who can perform actions as required in the day-to-day activities of handling events.

    Similar to senior analyst users but without access to security configuration. An analyst can view information and perform actions, such as marking security events as handled, but cannot access the ADMINISTRATION tab or define/change policies.

    IT

    IT staff who can define settings related to the FortiEDR integration with the customer ecosystem.

    This role has system configuration access only. They can deploy and upgrade system components and perform system integration with external systems using the ADMINISTRATION tab but do not have access to other areas, such as security configuration, alert monitoring, or Forensics options.

    Read-Only

    Basic role with read-only access to all functions except system configuration.

    Note

    For Multi-tenancy (organizations) systems, you can also configure the user with role-specific access to all organizations.

  5. Select any advanced options as needed. Some options are available to users with specific permissions only.

    Option

    Description

    Rest API

    Specifies whether to allow the user to access the FortiEDR Central Manager through API calls.

    Note

    For more information about APIs, see the FortiEDR RESTful API Guide. You must log in to the Fortinet Developer Network to access the guide.

    Custom script

    Specifies whether to allow the user to upload and manage (add, modify and delete) Python scripts that call third-party system APIs (see Integrations). Those scripts will then be automatically triggered by FortiEDR as incident responses.

    Note

    This option is only available to users with Admin and IT permissions.

    Establish FortiEDR Connect sessions Specifies whether to allow the user to use FortiEDR Connect capabilities which provide direct access to FortiEDR-protected devices running on Windows through a remote Shell connection, as described in FortiEDR Connect.
    Note

    This option is only available to users with Admin, Analyst, and Senior Analyst permissions. This option takes effect only when the Allow FortiEDR Connect - Remote Shell Connection checkbox is selected under Administration > Tools, which means the FortiEDR Connect functionality is enabled at the organization level.

  6. Select the Require two-factor authentication for this user checkbox if you want to require two-factor authentication for the user.
  7. Click Save.
Previous
Next