User types
You can configure FortiOS users in FortiOS or on an external authentication server. The following summarizes user account types and authentication in FortiOS:
User type |
Authentication |
---|---|
Local |
Username and password must match a user account stored in FortiOS. Authentication by FortiOS security policy. |
Remote |
Username and password must match a user account stored in FortiOS and on the remote authentication server. FortiOS supports LDAP, RADIUS, and TACACS+ servers. |
Authentication server |
A FortiOS user group can include user accounts or groups that exist on a remote authentication server. |
FSSO |
Microsoft Windows or Novell network users can use their network credentials to access resources through FortiOS. You can control access using FSSO user groups that contain Windows or Novell user groups as members. |
PKI/peer |
Digital certificate holder who authenticates using a client certificate. No password is required unless two-factor authentication is enabled. |
IM |
FortiOS does not authenticate IM users. FortiOS allows or blocks each IM user from accessing IM protocols. A global policy for each IM protocol governs unknown users' access to these protocols. |
Guest |
Guest user accounts are temporary. The account expires after a selected period of time. See Guest Management. |