Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate Cloud 25.4.0 Administration Guide
    25.4.0
    26.1.a
    26.1.0
    25.4.a
    25.4.0

    General Settings

    General Settings

    You can add and manage users from Settings > General Settings. The General Settings page includes different user types, including Identity & Access Management (IAM) and FortiGate Cloud account users. General Settings displays a key icon beside the primary account.

    The User settings page contains the following columns:

    Column

    Description

    Login ID

    Email address that the user uses to log in to the FortiGate Cloud. This column also displays the region that each user can access and their role.

    Role

    Displays the user role.

    User Type

    Displays the type of user. User types include the following:

    • API: an API user only has the ability to call the FortiGate Cloud API. FortiCare manages API users and their access permissions. API users are subusers of the primary account. See API access.
    • FortiGate Cloud: Local FortiGate Cloud user.
    • IAM: see IAM users.
    • Third Party: user who authenticates using an external identity provider (IdP). Configuring an external IdP requires FortiCare and FortiAuthenticator support.

    Aliases

    Name of the user associated with the user account. You may want to edit a username to make it easier to identify who is using that account. You can edit the username by clicking the Edit icon in the Action column.

    Status

    Status of the user account. The status can be one of the following:

    • Active: user who has activated their account.
    • Inactive: user to whom an activation email has been sent, but has not activated their account yet.

    IAM and IdP users can only view their own account and edit their language settings on this page.

    You can enable or disable cloud access anonymous mode for a user. Alternately Cloud access anonymous mode can be configured at the organization level. See OU General settings.

    When you run a function in FortiGate Cloud that applies to FortiGates, such as running a script, FortiGate Cloud may not pass the actual username of the user who performed the action to FortiOS:

    When remotely accessing a FortiGate from FortiGate Cloud, one of the following occurs:

    • If Cloud Access Anonymous Mode is enabled, FortiGate Cloud passes the username of the FortiGate Cloud user who performed the action as a randomized @fortigatecloud.com email address, such as 4aa567e55bc8@fortigatecloud.com, to FortiOS.
    • If Cloud Access Anonymous Mode is disabled, FortiGate Cloud passes the actual username of the FortiGate Cloud user who performed the action to FortiOS.

    For other management features that a user can perform from FortiGate Cloud, such as running a script, FortiGate Cloud passes the username of the FortiGate Cloud user who performed the action as FortiGateCloud to FortiOS.

    Therefore, when viewing logs on the affected FortiGate, you may see 4aa567e55bc8@fortigatecloud.com or FortiGateCloud as a username. For managed security service provider customers, this provides enhanced security by preventing subusers from seeing the primary account email address in the FortiGate logs.

    To enable or disable cloud access anonymous mode:

    1. Go to Settings > General Settings.

    2. Enable or disable Cloud Access Anonymous Mode.

      You may be unable to change this setting when the organization administrator has enabled/disabled the setting at the organization level.

    Previous
    Next

    General Settings

    General Settings

    You can add and manage users from Settings > General Settings. The General Settings page includes different user types, including Identity & Access Management (IAM) and FortiGate Cloud account users. General Settings displays a key icon beside the primary account.

    The User settings page contains the following columns:

    Column

    Description

    Login ID

    Email address that the user uses to log in to the FortiGate Cloud. This column also displays the region that each user can access and their role.

    Role

    Displays the user role.

    User Type

    Displays the type of user. User types include the following:

    • API: an API user only has the ability to call the FortiGate Cloud API. FortiCare manages API users and their access permissions. API users are subusers of the primary account. See API access.
    • FortiGate Cloud: Local FortiGate Cloud user.
    • IAM: see IAM users.
    • Third Party: user who authenticates using an external identity provider (IdP). Configuring an external IdP requires FortiCare and FortiAuthenticator support.

    Aliases

    Name of the user associated with the user account. You may want to edit a username to make it easier to identify who is using that account. You can edit the username by clicking the Edit icon in the Action column.

    Status

    Status of the user account. The status can be one of the following:

    • Active: user who has activated their account.
    • Inactive: user to whom an activation email has been sent, but has not activated their account yet.

    IAM and IdP users can only view their own account and edit their language settings on this page.

    You can enable or disable cloud access anonymous mode for a user. Alternately Cloud access anonymous mode can be configured at the organization level. See OU General settings.

    When you run a function in FortiGate Cloud that applies to FortiGates, such as running a script, FortiGate Cloud may not pass the actual username of the user who performed the action to FortiOS:

    When remotely accessing a FortiGate from FortiGate Cloud, one of the following occurs:

    • If Cloud Access Anonymous Mode is enabled, FortiGate Cloud passes the username of the FortiGate Cloud user who performed the action as a randomized @fortigatecloud.com email address, such as 4aa567e55bc8@fortigatecloud.com, to FortiOS.
    • If Cloud Access Anonymous Mode is disabled, FortiGate Cloud passes the actual username of the FortiGate Cloud user who performed the action to FortiOS.

    For other management features that a user can perform from FortiGate Cloud, such as running a script, FortiGate Cloud passes the username of the FortiGate Cloud user who performed the action as FortiGateCloud to FortiOS.

    Therefore, when viewing logs on the affected FortiGate, you may see 4aa567e55bc8@fortigatecloud.com or FortiGateCloud as a username. For managed security service provider customers, this provides enhanced security by preventing subusers from seeing the primary account email address in the FortiGate logs.

    To enable or disable cloud access anonymous mode:

    1. Go to Settings > General Settings.

    2. Enable or disable Cloud Access Anonymous Mode.

      You may be unable to change this setting when the organization administrator has enabled/disabled the setting at the organization level.

    Previous
    Next