Fortinet black logo

CLI Reference

config user group

config user group

Configure user groups.

config user group

Description: Configure user groups.

edit <name>

set id {integer}

set group-type [firewall|fsso-service|...]

set authtimeout {integer}

set auth-concurrent-override [enable|disable]

set auth-concurrent-value {integer}

set http-digest-realm {string}

set sso-attribute-value {string}

set member <name1>, <name2>, ...

config match

Description: Group matches.

edit <id>

set server-name {string}

set group-name {string}

next

end

set user-id [email|auto-generate|...]

set password [auto-generate|specify|...]

set user-name [disable|enable]

set sponsor [optional|mandatory|...]

set company [optional|mandatory|...]

set email [disable|enable]

set mobile-phone [disable|enable]

set sms-server [fortiguard|custom]

set sms-custom-server {string}

set expire-type [immediately|first-successful-login]

set expire {integer}

set max-accounts {integer}

set multiple-guest-add [disable|enable]

config guest

Description: Guest User.

edit <id>

set user-id {string}

set name {string}

set password {password}

set mobile-phone {string}

set sponsor {string}

set company {string}

set email {string}

set expiration {user}

set comment {var-string}

next

end

next

end

config user group

Parameter

Description

Type

Size

Default

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

authtimeout

Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout.

integer

Minimum value: 0 Maximum value: 43200

0

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user .

integer

Minimum value: 0 Maximum value: 100

0

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Not Specified

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Not Specified

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

user-id

Guest user ID type.

option

-

email

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

password

Guest user password type.

option

-

auto-generate

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

user-name

Enable/disable the guest user name entry.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

company

Set the action for the company guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

Option

Description

disable

Enable setting.

enable

Disable setting.

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sms-custom-server

SMS server.

string

Not Specified

expire-type

Determine when the expiration countdown begins.

option

-

immediately

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

expire

Time in seconds before guest user accounts expire.

integer

Minimum value: 1 Maximum value: 31536000

14400

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 500 **

0

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

** Values may differ between models.

config match

Parameter

Description

Type

Size

Default

server-name

Name of remote auth server.

string

Not Specified

group-name

Name of matching user or group on remote authentication server.

string

Not Specified

config guest

Parameter

Description

Type

Size

Default

user-id

Guest ID.

string

Not Specified

name

Guest name.

string

Not Specified

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Not Specified

sponsor

Set the action for the sponsor guest user field.

string

Not Specified

company

Set the action for the company guest user field.

string

Not Specified

email

Email.

string

Not Specified

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Not Specified

config user group

Configure user groups.

config user group

Description: Configure user groups.

edit <name>

set id {integer}

set group-type [firewall|fsso-service|...]

set authtimeout {integer}

set auth-concurrent-override [enable|disable]

set auth-concurrent-value {integer}

set http-digest-realm {string}

set sso-attribute-value {string}

set member <name1>, <name2>, ...

config match

Description: Group matches.

edit <id>

set server-name {string}

set group-name {string}

next

end

set user-id [email|auto-generate|...]

set password [auto-generate|specify|...]

set user-name [disable|enable]

set sponsor [optional|mandatory|...]

set company [optional|mandatory|...]

set email [disable|enable]

set mobile-phone [disable|enable]

set sms-server [fortiguard|custom]

set sms-custom-server {string}

set expire-type [immediately|first-successful-login]

set expire {integer}

set max-accounts {integer}

set multiple-guest-add [disable|enable]

config guest

Description: Guest User.

edit <id>

set user-id {string}

set name {string}

set password {password}

set mobile-phone {string}

set sponsor {string}

set company {string}

set email {string}

set expiration {user}

set comment {var-string}

next

end

next

end

config user group

Parameter

Description

Type

Size

Default

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

authtimeout

Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout.

integer

Minimum value: 0 Maximum value: 43200

0

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user .

integer

Minimum value: 0 Maximum value: 100

0

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Not Specified

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Not Specified

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

user-id

Guest user ID type.

option

-

email

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

password

Guest user password type.

option

-

auto-generate

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

user-name

Enable/disable the guest user name entry.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

company

Set the action for the company guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

Option

Description

disable

Enable setting.

enable

Disable setting.

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sms-custom-server

SMS server.

string

Not Specified

expire-type

Determine when the expiration countdown begins.

option

-

immediately

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

expire

Time in seconds before guest user accounts expire.

integer

Minimum value: 1 Maximum value: 31536000

14400

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 500 **

0

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

** Values may differ between models.

config match

Parameter

Description

Type

Size

Default

server-name

Name of remote auth server.

string

Not Specified

group-name

Name of matching user or group on remote authentication server.

string

Not Specified

config guest

Parameter

Description

Type

Size

Default

user-id

Guest ID.

string

Not Specified

name

Guest name.

string

Not Specified

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Not Specified

sponsor

Set the action for the sponsor guest user field.

string

Not Specified

company

Set the action for the company guest user field.

string

Not Specified

email

Email.

string

Not Specified

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Not Specified