Fortinet white logo
Fortinet white logo

CLI Reference

config user group

config user group

Configure user groups.

config user group
    Description: Configure user groups.
    edit <name>
        set auth-concurrent-override [enable|disable]
        set auth-concurrent-value {integer}
        set authtimeout {integer}
        set company [optional|mandatory|...]
        set email [disable|enable]
        set expire {integer}
        set expire-type [immediately|first-successful-login]
        set group-type [firewall|fsso-service|...]
        config guest
            Description: Guest User.
            edit <id>
                set id {integer}
                set user-id {string}
                set name {string}
                set password {password}
                set mobile-phone {string}
                set sponsor {string}
                set company {string}
                set email {string}
                set expiration {user}
                set comment {var-string}
            next
        end
        set http-digest-realm {string}
        set id {integer}
        config match
            Description: Group matches.
            edit <id>
                set id {integer}
                set server-name {string}
                set group-name {string}
            next
        end
        set max-accounts {integer}
        set member <name1>, <name2>, ...
        set mobile-phone [disable|enable]
        set multiple-guest-add [disable|enable]
        set name {string}
        set password [auto-generate|specify|...]
        set sms-custom-server {string}
        set sms-server [fortiguard|custom]
        set sponsor [optional|mandatory|...]
        set sso-attribute-value {string}
        set user-id [email|auto-generate|...]
        set user-name [disable|enable]
    next
end

config user group

Parameter

Description

Type

Size

Default

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user.

integer

Minimum value: 0 Maximum value: 100

0

authtimeout

Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout.

integer

Minimum value: 0 Maximum value: 43200

0

company

Set the action for the company guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

Option

Description

disable

Enable setting.

enable

Disable setting.

expire

Time in seconds before guest user accounts expire.

integer

Minimum value: 1 Maximum value: 31536000

14400

expire-type

Determine when the expiration countdown begins.

option

-

immediately

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Not Specified

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 1024 **

0

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

name

Group name.

string

Not Specified

password

Guest user password type.

option

-

auto-generate

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

sms-custom-server

SMS server.

string

Not Specified

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Not Specified

user-id

Guest user ID type.

option

-

email

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

user-name

Enable/disable the guest user name entry.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

** Values may differ between models.

config guest

Parameter

Description

Type

Size

Default

id

Guest ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

user-id

Guest ID.

string

Not Specified

name

Guest name.

string

Not Specified

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Not Specified

sponsor

Set the action for the sponsor guest user field.

string

Not Specified

company

Set the action for the company guest user field.

string

Not Specified

email

Email.

string

Not Specified

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Not Specified

config match

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

server-name

Name of remote auth server.

string

Not Specified

group-name

Name of matching user or group on remote authentication server.

string

Not Specified

config user group

config user group

Configure user groups.

config user group
    Description: Configure user groups.
    edit <name>
        set auth-concurrent-override [enable|disable]
        set auth-concurrent-value {integer}
        set authtimeout {integer}
        set company [optional|mandatory|...]
        set email [disable|enable]
        set expire {integer}
        set expire-type [immediately|first-successful-login]
        set group-type [firewall|fsso-service|...]
        config guest
            Description: Guest User.
            edit <id>
                set id {integer}
                set user-id {string}
                set name {string}
                set password {password}
                set mobile-phone {string}
                set sponsor {string}
                set company {string}
                set email {string}
                set expiration {user}
                set comment {var-string}
            next
        end
        set http-digest-realm {string}
        set id {integer}
        config match
            Description: Group matches.
            edit <id>
                set id {integer}
                set server-name {string}
                set group-name {string}
            next
        end
        set max-accounts {integer}
        set member <name1>, <name2>, ...
        set mobile-phone [disable|enable]
        set multiple-guest-add [disable|enable]
        set name {string}
        set password [auto-generate|specify|...]
        set sms-custom-server {string}
        set sms-server [fortiguard|custom]
        set sponsor [optional|mandatory|...]
        set sso-attribute-value {string}
        set user-id [email|auto-generate|...]
        set user-name [disable|enable]
    next
end

config user group

Parameter

Description

Type

Size

Default

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user.

integer

Minimum value: 0 Maximum value: 100

0

authtimeout

Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout.

integer

Minimum value: 0 Maximum value: 43200

0

company

Set the action for the company guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

Option

Description

disable

Enable setting.

enable

Disable setting.

expire

Time in seconds before guest user accounts expire.

integer

Minimum value: 1 Maximum value: 31536000

14400

expire-type

Determine when the expiration countdown begins.

option

-

immediately

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Not Specified

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 1024 **

0

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

name

Group name.

string

Not Specified

password

Guest user password type.

option

-

auto-generate

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

sms-custom-server

SMS server.

string

Not Specified

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Not Specified

user-id

Guest user ID type.

option

-

email

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

user-name

Enable/disable the guest user name entry.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

** Values may differ between models.

config guest

Parameter

Description

Type

Size

Default

id

Guest ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

user-id

Guest ID.

string

Not Specified

name

Guest name.

string

Not Specified

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Not Specified

sponsor

Set the action for the sponsor guest user field.

string

Not Specified

company

Set the action for the company guest user field.

string

Not Specified

email

Email.

string

Not Specified

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Not Specified

config match

Parameter

Description

Type

Size

Default

id

ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

server-name

Name of remote auth server.

string

Not Specified

group-name

Name of matching user or group on remote authentication server.

string

Not Specified