Administrators can authenticate against a remote server, such as LDAP, to log in to the FortiGate instead of using a local password.
Setting up remote authentication for administrators involves three parts: define the LDAP server, add it to a user group, and create an administrator entry that matches users in that group.
- Go to User & Authentication > LDAP Servers and select Create New.
- Enter the server Name and Server IP/Name.
- Enter the Common Name Identifier (the attribute matched against the login name, typically cn, or sAMAccountName for Active Directory) and the Distinguished Name (the search base under which users are looked up).
- Set the Bind Type to Regular and enter the Username and Password of the account the FortiGate binds with. Use a dedicated read-only service account for this; the bind credentials are stored on the FortiGate and should not belong to a privileged directory account.
- Click OK.
The equivalent CLI configuration:

config user ldap
    edit <ldap_server_name>
        set server <server_ip>
        set cnid "cn"
        set dn "dc=XYZ,dc=fortinet,dc=COM"
        set type regular
        set username "cn=Administrator,dc=XYZ,dc=fortinet,dc=COM"
        set password <password>
    next
end
After configuring the LDAP server, create a user group that includes that LDAP server.
- Go to User & Authentication > User Groups and select Create New.
- Enter a Name for the group.
- In the Remote groups section, select Create New.
- Select the Remote Server from the dropdown list.
- Click OK.
The equivalent CLI configuration:

config user group
    edit <Group_name>
        set member <ldap_server_name>
    next
end
After configuring the LDAP server and adding it to a user group, create a new administrator. For this administrator, instead of entering a password, select the new user group and enable the wildcard option. With Wildcard enabled the administrator entry acts as a template: any user accepted by the remote group can log in with their own directory credentials and receives the access profile assigned to this entry. Keep the group membership narrow and the access profile as restrictive as the job allows.
- Go to System > Administrators.
- Select Create New > Administrator.
- Specify the Username.
- Set Type to Match a user on a remote server group.
- In Remote User Group, select the user group you created.
- Select Wildcard.
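The whole procedure as one CLI session, as an added example that is not part of the original page. It extends the page's configuration with the settings a practitioner would normally add: LDAPS with certificate validation instead of cleartext LDAP on port 389, a group match so that only members of a named directory group (rather than every account that can bind) satisfies the wildcard administrator, a dedicated read-only bind account, and an access profile and trusted-host restriction on the administrator entry. The server address, CA certificate name, bind account, group DN and trusted host range are assumptions; the `#` lines are explanatory comments and can be dropped when pasting.

```fortios
# Part 1: LDAP server (assumed address 10.0.0.5, assumed CA object "CA_Cert_1")
config user ldap
    edit "ldap_server_name"
        set server "10.0.0.5"
        set secure ldaps
        set port 636
        set ca-cert "CA_Cert_1"
        set server-identity-check enable
        set cnid "sAMAccountName"
        set dn "dc=XYZ,dc=fortinet,dc=COM"
        set type regular
        # assumed read-only service account instead of the directory Administrator
        set username "cn=svc-fgt-bind,dc=XYZ,dc=fortinet,dc=COM"
        set password <bind_password>
        set group-member-check group-object
        set group-search-base "dc=XYZ,dc=fortinet,dc=COM"
    next
end

# Part 2: user group restricted to one directory group (assumed DN)
config user group
    edit "FGT_Admins"
        set member "ldap_server_name"
        config match
            edit 1
                set server-name "ldap_server_name"
                set group-name "CN=FortiGate-Admins,OU=Groups,DC=XYZ,DC=fortinet,DC=COM"
            next
        end
    next
end

# Part 3: wildcard administrator bound to that group
config system admin
    edit "ldap_admins"
        set remote-auth enable
        set remote-group "FGT_Admins"
        set wildcard enable
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
end
```

Before relying on the entry, test the bind and group lookup from the CLI with `diagnose test authserver ldap ldap_server_name <user> <password>`; the output shows whether the bind succeeded and which groups were returned for the user, which is what the `config match` block is evaluated against. Replace "super_admin" with a narrower profile where the administrators do not need full control.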