Fortinet black logo

Cookbook

User types

Copy Link
Copy Doc ID 5be0d1a4-3f0d-11eb-96b9-00505692583a:443027
Download PDF

User types

You can configure FortiOS users in FortiOS or on an external authentication server. The following summarizes user account types and authentication in FortiOS:

User type

Authentication

Local

Username and password must match a user account stored in FortiOS. Authentication by FortiOS security policy.

Remote

Username and password must match a user account stored in FortiOS and on the remote authentication server. FortiOS supports LDAP, RADIUS, and TACACS+ servers.

Authentication server

A FortiOS user group can include user accounts or groups that exist on a remote authentication server.

FSSO

Microsoft Windows or Novell network users can use their network credentials to access resources through FortiOS. You can control access using FSSO user groups that contain Windows or Novell user groups as members.

PKI/peer

Digital certificate holder who authenticates using a client certificate. No password is required unless two-factor authentication is enabled.

IM

FortiOS does not authenticate IM users. FortiOS allows or blocks each IM user from accessing IM protocols. A global policy for each IM protocol governs unknown users' access to these protocols.

Guest

Guest user accounts are temporary. The account expires after a selected period of time. See Guest Management.

User types

You can configure FortiOS users in FortiOS or on an external authentication server. The following summarizes user account types and authentication in FortiOS:

User type

Authentication

Local

Username and password must match a user account stored in FortiOS. Authentication by FortiOS security policy.

Remote

Username and password must match a user account stored in FortiOS and on the remote authentication server. FortiOS supports LDAP, RADIUS, and TACACS+ servers.

Authentication server

A FortiOS user group can include user accounts or groups that exist on a remote authentication server.

FSSO

Microsoft Windows or Novell network users can use their network credentials to access resources through FortiOS. You can control access using FSSO user groups that contain Windows or Novell user groups as members.

PKI/peer

Digital certificate holder who authenticates using a client certificate. No password is required unless two-factor authentication is enabled.

IM

FortiOS does not authenticate IM users. FortiOS allows or blocks each IM user from accessing IM protocols. A global policy for each IM protocol governs unknown users' access to these protocols.

Guest

Guest user accounts are temporary. The account expires after a selected period of time. See Guest Management.