config user local
Configure local users.
config user local
Description: Configure local users.
edit <name>
set id {integer}
set status [enable|disable]
set type [password|radius|...]
set passwd {password}
set ldap-server {string}
set radius-server {string}
set tacacs+-server {string}
set two-factor [disable|fortitoken|...]
set two-factor-authentication [fortitoken|email|...]
set two-factor-notification [email|sms]
set fortitoken {string}
set email-to {string}
set sms-server [fortiguard|custom]
set sms-custom-server {string}
set sms-phone {string}
set passwd-policy {string}
set passwd-time {user}
set authtimeout {integer}
set workstation {string}
set auth-concurrent-override [enable|disable]
set auth-concurrent-value {integer}
set ppk-secret {password-3}
set ppk-identity {string}
set username-case-sensitivity [disable|enable]
next
end
config user local
Parameter name |
Description |
Type |
Size |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
id |
User ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
||||||||||||
status |
Enable/disable allowing the local user to authenticate with the FortiGate unit. |
option |
- |
||||||||||||
|
|
||||||||||||||
type |
Authentication method. |
option |
- |
||||||||||||
|
|
||||||||||||||
passwd |
User's password. |
password |
Not Specified |
||||||||||||
ldap-server |
Name of LDAP server with which the user must authenticate. |
string |
Maximum length: 35 |
||||||||||||
radius-server |
Name of RADIUS server with which the user must authenticate. |
string |
Maximum length: 35 |
||||||||||||
tacacs+-server |
Name of TACACS+ server with which the user must authenticate. |
string |
Maximum length: 35 |
||||||||||||
two-factor |
Enable/disable two-factor authentication. |
option |
- |
||||||||||||
|
|
||||||||||||||
two-factor-authentication |
Authentication method by FortiToken Cloud. |
option |
- |
||||||||||||
|
|
||||||||||||||
two-factor-notification |
Notification method for user activation by FortiToken Cloud. |
option |
- |
||||||||||||
|
|
||||||||||||||
fortitoken |
Two-factor recipient's FortiToken serial number. |
string |
Maximum length: 16 |
||||||||||||
email-to |
Two-factor recipient's email address. |
string |
Maximum length: 63 |
||||||||||||
sms-server |
Send SMS through FortiGuard or other external server. |
option |
- |
||||||||||||
|
|
||||||||||||||
sms-custom-server |
Two-factor recipient's SMS server. |
string |
Maximum length: 35 |
||||||||||||
sms-phone |
Two-factor recipient's mobile phone number. |
string |
Maximum length: 15 |
||||||||||||
passwd-policy |
Password policy to apply to this user, as defined in config user password-policy. |
string |
Maximum length: 35 |
||||||||||||
passwd-time |
Time of the last password update. |
user |
Not Specified |
||||||||||||
authtimeout |
Time in minutes before the authentication timeout for a user is reached. |
integer |
Minimum value: 0 Maximum value: 1440 |
||||||||||||
workstation |
Name of the remote user workstation, if you want to limit the user to authenticate only from a particular workstation. |
string |
Maximum length: 35 |
||||||||||||
auth-concurrent-override |
Enable/disable overriding the policy-auth-concurrent under config system global. |
option |
- |
||||||||||||
|
|
||||||||||||||
auth-concurrent-value |
Maximum number of concurrent logins permitted from the same user. |
integer |
Minimum value: 0 Maximum value: 100 |
||||||||||||
ppk-secret |
IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x). |
password-3 |
Not Specified |
||||||||||||
ppk-identity |
IKEv2 Postquantum Preshared Key Identity. |
string |
Maximum length: 35 |
||||||||||||
username-case-sensitivity |
Enable/disable case sensitivity when performing username matching (uppercase and lowercase letters are treated either as distinct or equivalent). |
option |
- |
||||||||||||
|
|