Fortinet black logo

CLI Reference

user group

Configure user groups.

  config user group
      Description: Configure user groups.
      edit <name>
          set id {integer}
          set group-type [firewall|fsso-service|...]
          set authtimeout {integer}
          set auth-concurrent-override [enable|disable]
          set auth-concurrent-value {integer}
          set http-digest-realm {string}
          set sso-attribute-value {string}
          set member <name1>, <name2>, ...
          config match
              Description: Group matches.
              edit <id>
                  set server-name {string}
                  set group-name {string}
              next
          end
          set user-id [email|auto-generate|...]
          set password [auto-generate|specify|...]
          set user-name [disable|enable]
          set sponsor [optional|mandatory|...]
          set company [optional|mandatory|...]
          set email [disable|enable]
          set mobile-phone [disable|enable]
          set sms-server [fortiguard|custom]
          set sms-custom-server {string}
          set expire-type [immediately|first-successful-login]
          set expire {integer}
          set max-accounts {integer}
          set multiple-guest-add [disable|enable]
          config guest
              Description: Guest User.
              edit <user-id>
                  set name {string}
                  set password {password}
                  set mobile-phone {string}
                  set sponsor {string}
                  set company {string}
                  set email {string}
                  set expiration {user}
                  set comment {var-string}
              next
          end
      next
  end

config user group

Parameter Name Description Type Size
id Group ID. integer Minimum value: 0 Maximum value: 4294967295
group-type Set the group to be for firewall authentication, FSSO, RSSO, or guest users.
firewall: Firewall.
fsso-service: Fortinet Single Sign-On Service.
rsso: RADIUS based Single Sign-On Service.
guest: Guest.
option -
authtimeout Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout. integer Minimum value: 0 Maximum value: 43200
auth-concurrent-override Enable/disable overriding the global number of concurrent authentication sessions for this user group.
enable: Enable auth-concurrent-override.
disable: Disable auth-concurrent-override.
option -
auth-concurrent-value Maximum number of concurrent authenticated connections per user (0 - 100). integer Minimum value: 0 Maximum value: 100
http-digest-realm Realm attribute for MD5-digest authentication. string Maximum length: 35
sso-attribute-value Name of the RADIUS user group that this local user group represents. string Maximum length: 511
member <name> Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.
Group member name.
string Maximum length: 511
user-id Guest user ID type.
email: Email address.
auto-generate: Automatically generate.
specify: Specify.
option -
password Guest user password type.
auto-generate: Automatically generate.
specify: Specify.
disable: Disable.
option -
user-name Enable/disable the guest user name entry.
disable: Enable setting.
enable: Disable setting.
option -
sponsor Set the action for the sponsor guest user field.
optional: Optional.
mandatory: Mandatory.
disabled: Disabled.
option -
company Set the action for the company guest user field.
optional: Optional.
mandatory: Mandatory.
disabled: Disabled.
option -
email Enable/disable the guest user email address field.
disable: Enable setting.
enable: Disable setting.
option -
mobile-phone Enable/disable the guest user mobile phone number field.
disable: Enable setting.
enable: Disable setting.
option -
sms-server Send SMS through FortiGuard or other external server.
fortiguard: Send SMS by FortiGuard.
custom: Send SMS by custom server.
option -
sms-custom-server SMS server. string Maximum length: 35
expire-type Determine when the expiration countdown begins.
immediately: Immediately.
first-successful-login: First successful login.
option -
expire Time in seconds before guest user accounts expire. (1 - 31536000 sec) integer Minimum value: 1 Maximum value: 31536000
max-accounts Maximum number of guest accounts that can be created for this group (0 means unlimited). integer Minimum value: 0 Maximum value: 1024
multiple-guest-add Enable/disable addition of multiple guests.
disable: Enable setting.
enable: Disable setting.
option -

config match

Parameter Name Description Type Size
server-name Name of remote auth server. string Maximum length: 35
group-name Name of matching user or group on remote authentication server. string Maximum length: 511

config guest

Parameter Name Description Type Size
name Guest name. string Maximum length: 64
password Guest password. password Not Specified
mobile-phone Mobile phone. string Maximum length: 35
sponsor Set the action for the sponsor guest user field. string Maximum length: 35
company Set the action for the company guest user field. string Maximum length: 35
email Email. string Maximum length: 64
expiration Expire time. user Not Specified
comment Comment. var-string Maximum length: 255

Configure user groups.

  config user group
      Description: Configure user groups.
      edit <name>
          set id {integer}
          set group-type [firewall|fsso-service|...]
          set authtimeout {integer}
          set auth-concurrent-override [enable|disable]
          set auth-concurrent-value {integer}
          set http-digest-realm {string}
          set sso-attribute-value {string}
          set member <name1>, <name2>, ...
          config match
              Description: Group matches.
              edit <id>
                  set server-name {string}
                  set group-name {string}
              next
          end
          set user-id [email|auto-generate|...]
          set password [auto-generate|specify|...]
          set user-name [disable|enable]
          set sponsor [optional|mandatory|...]
          set company [optional|mandatory|...]
          set email [disable|enable]
          set mobile-phone [disable|enable]
          set sms-server [fortiguard|custom]
          set sms-custom-server {string}
          set expire-type [immediately|first-successful-login]
          set expire {integer}
          set max-accounts {integer}
          set multiple-guest-add [disable|enable]
          config guest
              Description: Guest User.
              edit <user-id>
                  set name {string}
                  set password {password}
                  set mobile-phone {string}
                  set sponsor {string}
                  set company {string}
                  set email {string}
                  set expiration {user}
                  set comment {var-string}
              next
          end
      next
  end

config user group

Parameter Name Description Type Size
id Group ID. integer Minimum value: 0 Maximum value: 4294967295
group-type Set the group to be for firewall authentication, FSSO, RSSO, or guest users.
firewall: Firewall.
fsso-service: Fortinet Single Sign-On Service.
rsso: RADIUS based Single Sign-On Service.
guest: Guest.
option -
authtimeout Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout. integer Minimum value: 0 Maximum value: 43200
auth-concurrent-override Enable/disable overriding the global number of concurrent authentication sessions for this user group.
enable: Enable auth-concurrent-override.
disable: Disable auth-concurrent-override.
option -
auth-concurrent-value Maximum number of concurrent authenticated connections per user (0 - 100). integer Minimum value: 0 Maximum value: 100
http-digest-realm Realm attribute for MD5-digest authentication. string Maximum length: 35
sso-attribute-value Name of the RADIUS user group that this local user group represents. string Maximum length: 511
member <name> Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.
Group member name.
string Maximum length: 511
user-id Guest user ID type.
email: Email address.
auto-generate: Automatically generate.
specify: Specify.
option -
password Guest user password type.
auto-generate: Automatically generate.
specify: Specify.
disable: Disable.
option -
user-name Enable/disable the guest user name entry.
disable: Enable setting.
enable: Disable setting.
option -
sponsor Set the action for the sponsor guest user field.
optional: Optional.
mandatory: Mandatory.
disabled: Disabled.
option -
company Set the action for the company guest user field.
optional: Optional.
mandatory: Mandatory.
disabled: Disabled.
option -
email Enable/disable the guest user email address field.
disable: Enable setting.
enable: Disable setting.
option -
mobile-phone Enable/disable the guest user mobile phone number field.
disable: Enable setting.
enable: Disable setting.
option -
sms-server Send SMS through FortiGuard or other external server.
fortiguard: Send SMS by FortiGuard.
custom: Send SMS by custom server.
option -
sms-custom-server SMS server. string Maximum length: 35
expire-type Determine when the expiration countdown begins.
immediately: Immediately.
first-successful-login: First successful login.
option -
expire Time in seconds before guest user accounts expire. (1 - 31536000 sec) integer Minimum value: 1 Maximum value: 31536000
max-accounts Maximum number of guest accounts that can be created for this group (0 means unlimited). integer Minimum value: 0 Maximum value: 1024
multiple-guest-add Enable/disable addition of multiple guests.
disable: Enable setting.
enable: Disable setting.
option -

config match

Parameter Name Description Type Size
server-name Name of remote auth server. string Maximum length: 35
group-name Name of matching user or group on remote authentication server. string Maximum length: 511

config guest

Parameter Name Description Type Size
name Guest name. string Maximum length: 64
password Guest password. password Not Specified
mobile-phone Mobile phone. string Maximum length: 35
sponsor Set the action for the sponsor guest user field. string Maximum length: 35
company Set the action for the company guest user field. string Maximum length: 35
email Email. string Maximum length: 64
expiration Expire time. user Not Specified
comment Comment. var-string Maximum length: 255