Configuring guest access
A visitor to your premises may need a user account on your network during their stay. If you are hosting a large event, such as a conference, you may need to create many temporary accounts for the attendees. You can create many guest accounts simultaneously using randomly generated user IDs and passwords to reduce your workload for these large events.
The following describes managing guest access:
- Create one or more guest user groups. All members of a group have the same user ID type, password type, information fields used, and type and time of expiry.
- Create guest accounts.
- Use captive portal authentication and select the appropriate guest group.
- The guest receives an email, SMS message, or printout containing their user ID and password from the FortiOS administrator.
- The guest logs onto the network using the provided credentials.
- After the configured expiry time, the credentials are no longer valid.
This configuration consists of the following steps:
- Add an SMS service.
- Create a guest management administrator.
- Create a guest user group.
- Create guest user accounts.
To add an SMS service:
To send SMS notifications to guest users, add an email to SMS service to your FortiGate using the following commands:
config system sms-server
edit <server-name>
set mail-server <server-name>
next
end
To create a guest management administrator:
- Go to System > Administrators.
- Click Create New > Administrator.
- Enable Restrict admin to guest account provisioning only.
- For Guest Group, select the desired guest groups.
To create a guest user group:
The guest group configuration determines the provided fields when you create a guest user account.
- Go to User & Authentication > User Groups.
- Click Create New.
- For Type, select Guest.
- If desired, enable Batch Guest Account Creation. When this is enabled, the following is true:
- User IDs and passwords are auto-generated.
- User accounts only have the User ID, Password, and Expiration fields. You can only edit the Expiration field. If the expiry time is a duration, such as eight hours, the countdown starts at initial login.
- You can print the account information to provide to the guest. Guests do not receive email or SMS notifications.
- For User ID, select one of the following:
Option
Description
Email
Guest's email address.
Auto Generated
FortiOS creates a random user ID for the guest.
Specify
The administrator assigns a user ID to the guest.
- For Password, select one of the following:
Option
Description
Disable
No password.
Auto Generated
FortiOS creates a random password for the guest.
Specify
The administrator assigns a password to the guest.
- For Start Countdown, select one of the following:
Option
Description
On Account Creation
FortiOS counts expiry time from time of account creation.
After First Login
FortiOS counts expiry time from the guest's first login.
- For Time, configure the expiry time. You can change this for individual users.
- Configure any other field as required, then click OK.
Creating guest user accounts
To create a guest user account:
- Go to User & Authentication > Guest Management.
- Select the desired guest group.
- Click Create New.
- Configure the guest as desired.
- Click OK.
To create multiple guest user accounts automatically:
- Go to User & Authentication > Guest Management.
- Select the desired guest group. This group must have Batch Guest Account Creation enabled.
- Click Create New > Multiple Users.
- Enter the Number of Accounts.
- If desired, change the expiry.
- Click OK.