Fortinet white logo
Fortinet white logo

User Guide

Authorization Policies

Authorization Policies

The Authorization Policy enables different authorization to users on different devices. For example, allowing users on corporate devices to access internal resources, while giving users on personal devices less access to sensitive data, for example, allowing access only to the internet. For example, administrators can add devices to a list using their MAC address as the identifier and then write a policy so that upon a RADIUS authentication the system can assign a different authorization if the calling-station-id (MAC Address) is in the admin defined list. An authorization policy assigns an authorization profile for any successfully authenticated user based on the conditions configured. You can Clone the authorization policy to reuse configurations.

  1. Enter a Name and Description for your authorization policy.

  2. Set access conditions based on the available attribute types.

    The access rule conditions configured here are matched to assign the appropriate Authorization Profile.

  • Day of Week
  • Group Membership
  • RADIUS
  • Time of Day
  • Select an Authorization Profile you want to assign to the users/devices that matches configured the authorization rule conditions.
  • Authorization Policies

    Authorization Policies

    The Authorization Policy enables different authorization to users on different devices. For example, allowing users on corporate devices to access internal resources, while giving users on personal devices less access to sensitive data, for example, allowing access only to the internet. For example, administrators can add devices to a list using their MAC address as the identifier and then write a policy so that upon a RADIUS authentication the system can assign a different authorization if the calling-station-id (MAC Address) is in the admin defined list. An authorization policy assigns an authorization profile for any successfully authenticated user based on the conditions configured. You can Clone the authorization policy to reuse configurations.

    1. Enter a Name and Description for your authorization policy.

    2. Set access conditions based on the available attribute types.

      The access rule conditions configured here are matched to assign the appropriate Authorization Profile.

    • Day of Week
    • Group Membership
    • RADIUS
    • Time of Day
  • Select an Authorization Profile you want to assign to the users/devices that matches configured the authorization rule conditions.