Fortinet white logo
Fortinet white logo

User Guide

Settings

Settings

You are required to configure and apply multiple general and specific settings to the guest portal across various tabs displayed on this page.

Portal Pages

You can add or remove features to the guest portal by modifying the selection of pages that should be available to users. In each case, enable pre-auth to make the feature available before authentication and enable post-auth to make the feature available after authentication. If you do not enable either of the options, then the feature is disabled.

The following options can be enabled for the guest portal.

  • Login - Display a screen that will allow a user to Login in.
  • Acceptable Usage Policy - Display the usage policy to access and use the guest portal.
  • Password Change - Display a page allowing the user to change their password.
  • Password Recovery - Display a page allowing password recovery options.
  • Self Service - Display a page that allows a user to create their own account using the self service menu.
  • Device Registration - Display a screen that enables a user to register their own device.
  • Success - Display a screen that shows successful authentication.
  • CC Billing - Display a screen that enables Credit Card Billing.
  • PMS Billing - Display a screen that enables PMS Billing.
  • Welcome Back - Display a welcome back page if the user has authenticated previously.
  • Logout - Display a logout button.
  • Logged Out - Display a logged out page.
  • SmartConnect - Check to enable Smart Connect on the portal.
  • Click Through - Allow access without having to authenticate.
  • My Account - Display My Account details for the user to manage their account once logged in.
  • Session Management - Allow users to close existing sessions when the concurrent session limit is exceeded.
Remember User

You can enable storing guest user credentials in FortiGuest, that are used to login automatically when the user connects again. The credentials are stored based on the browser cookies or device MAC address.

  • Remember Credentials – Select the setting to apply to the remember user option. If you select Let user choose, then the remember user option is displayed in the login page of the guest portal. The guest can enable/disable it.

  • Remember for – Select the time duration for which the credentials are stored, in the number or hours or days.

  • Remember a user by – Select the method for storing the credentials. The following methods are available.

    • Cookies - The user credentials are encrypted and stored in a cookie that is saved in the device browser. When the user connects again, this cookie fetches the credentials, allowing the user to connect automatically without logging in.

    • MAC Address - The MAC address of the device is stored in the database and the credentials are stored in the cache for that MAC address. When the user connects again from the same device and the MAC address match is found in the database, then the user connects automatically without logging in.

    • Initially fetch the credentials using the cookie, if that fails, then retrieve the user credentials using the device MAC address.

Notes:

  • FortiGuest stores user credentials only after successful authentication.

  • This feature is not applicable, if FortiGate/enforcement device is configured with a re-direct URL other than FortiGuest, after authentication.

  • The saved user credentials are deleted if the guest user logs out or changes/resets password.

  • If the Remember Credentials is changed to Never, then all stored credentials saved for that portal are deleted.

General Settings

Based on the configured portal page settings, you are prompted to update the general settings for the guest portal.

  • Enable CAPTCHA - You can enable CAPTCHA for enhanced security. The CAPTCHA is available in the login page of the guest portal.

  • Password recovery method - Select the user password recovery method. FortiGuest sends the new password as per the selected method.
  • Allow session management - Allow users to close existing sessions when the concurrent session limit is exceeded.
Self Service Settings

If you have enabled the self service option for portal pages, you are required to configure these settings.

  • Auto login - If enabled, the user is presented with a login button that allows them to authenticate without providing the new account credentials.
  • Notify guest on reject - If enabled, the user is notified when the account request is rejected.
  • Self Service Account Verification Options - You are required to select the Account approval mode. This field provides the option to Use Event Codes wherein the user is required to provide a valid event code generate an account or Use Sponsor Approval wherein a sponsor must approve the account before it is activated. Update the following parameters for sponsor approval.
    • Verify sponsor email - If this option is enabled, the email address entered by the guest is validated against the internal sponsor database and external authentication servers.
    • Email on approval time out - If this option is enabled, a message is sent to a designated email address after the defined time out period.
    • Approval time out - This is the time window sponsors have to approve or reject the account before a notification email is sent to the designated sponsor.
    • Sponsor email - The email address of the sponsor in charge of dealing with guest accounts waiting for approval.
    • Recurrent notifications - The notification emails are sent recurrently until the account is approved, rejected, or expires.
      Optionally, you can enable the User sponsor approval and event codes option to use both the features.
    • Show Sponsor List - The sponsor list (with valid email addresses only) is displayed. Once enabled, select a sponsor from the Sponsor List Mode that displays the following sponsors.
      • All Sponsors

      • All Local Sponsors

      • All Remote Sponsors

      • Sponsors based on Server Types and select the authentication server type. Sponsors in the selected servers are only displayed in the guest portal page.

      • Sponsors based on User Groups and select the user groups. Sponsors in the selected user groups are only displayed in the guest portal page.
        Note: Microsoft Active Directory and OpenLDAP are the only supported server types options.

  • Device Registration Verification Options - You are required to select the Device account approval mode. This field provides the option to Use sponsor approval, so that a sponsor must approve the account before it is activated.
  • Account Creation - You can configure the account re-creation restrictions. Set the Account creation ban time, that is, the time interval that prevents the creation of self service accounts with the same personal details (email/phone) post the original account creation. You can enforce the ban based on the phone or email address in the Account creation restriction mode. An additional option, None, is also added to NOT enforce this uniqueness in the guest accounts. The following features are applicable, if the user enforces a unique phone or email address.
    • The guest user cannot create a new account with an email address/phone, if an active account with the same email/phone already exists.

    • The email address/phone is a mandatory field in the guest portal, even if it is not set as the username in the username policy.

    • If a guest account exists with the same email address/phone and is inactive, then you can create another account with the same.

    • Since the username is unique, and 2 different accounts cannot exist with the same username, the account's username is pre-fixed with a numeric value

If the user does NOT enforce a unique email address/phone, then guest user can create multiple accounts with the same credentials. The accounts will have different usernames, pre-fix the username with a numeric value.

Notification Settings

Define the notification options to send email and SMS notifications to the guest.

Settings

Settings

You are required to configure and apply multiple general and specific settings to the guest portal across various tabs displayed on this page.

Portal Pages

You can add or remove features to the guest portal by modifying the selection of pages that should be available to users. In each case, enable pre-auth to make the feature available before authentication and enable post-auth to make the feature available after authentication. If you do not enable either of the options, then the feature is disabled.

The following options can be enabled for the guest portal.

  • Login - Display a screen that will allow a user to Login in.
  • Acceptable Usage Policy - Display the usage policy to access and use the guest portal.
  • Password Change - Display a page allowing the user to change their password.
  • Password Recovery - Display a page allowing password recovery options.
  • Self Service - Display a page that allows a user to create their own account using the self service menu.
  • Device Registration - Display a screen that enables a user to register their own device.
  • Success - Display a screen that shows successful authentication.
  • CC Billing - Display a screen that enables Credit Card Billing.
  • PMS Billing - Display a screen that enables PMS Billing.
  • Welcome Back - Display a welcome back page if the user has authenticated previously.
  • Logout - Display a logout button.
  • Logged Out - Display a logged out page.
  • SmartConnect - Check to enable Smart Connect on the portal.
  • Click Through - Allow access without having to authenticate.
  • My Account - Display My Account details for the user to manage their account once logged in.
  • Session Management - Allow users to close existing sessions when the concurrent session limit is exceeded.
Remember User

You can enable storing guest user credentials in FortiGuest, that are used to login automatically when the user connects again. The credentials are stored based on the browser cookies or device MAC address.

  • Remember Credentials – Select the setting to apply to the remember user option. If you select Let user choose, then the remember user option is displayed in the login page of the guest portal. The guest can enable/disable it.

  • Remember for – Select the time duration for which the credentials are stored, in the number or hours or days.

  • Remember a user by – Select the method for storing the credentials. The following methods are available.

    • Cookies - The user credentials are encrypted and stored in a cookie that is saved in the device browser. When the user connects again, this cookie fetches the credentials, allowing the user to connect automatically without logging in.

    • MAC Address - The MAC address of the device is stored in the database and the credentials are stored in the cache for that MAC address. When the user connects again from the same device and the MAC address match is found in the database, then the user connects automatically without logging in.

    • Initially fetch the credentials using the cookie, if that fails, then retrieve the user credentials using the device MAC address.

Notes:

  • FortiGuest stores user credentials only after successful authentication.

  • This feature is not applicable, if FortiGate/enforcement device is configured with a re-direct URL other than FortiGuest, after authentication.

  • The saved user credentials are deleted if the guest user logs out or changes/resets password.

  • If the Remember Credentials is changed to Never, then all stored credentials saved for that portal are deleted.

General Settings

Based on the configured portal page settings, you are prompted to update the general settings for the guest portal.

  • Enable CAPTCHA - You can enable CAPTCHA for enhanced security. The CAPTCHA is available in the login page of the guest portal.

  • Password recovery method - Select the user password recovery method. FortiGuest sends the new password as per the selected method.
  • Allow session management - Allow users to close existing sessions when the concurrent session limit is exceeded.
Self Service Settings

If you have enabled the self service option for portal pages, you are required to configure these settings.

  • Auto login - If enabled, the user is presented with a login button that allows them to authenticate without providing the new account credentials.
  • Notify guest on reject - If enabled, the user is notified when the account request is rejected.
  • Self Service Account Verification Options - You are required to select the Account approval mode. This field provides the option to Use Event Codes wherein the user is required to provide a valid event code generate an account or Use Sponsor Approval wherein a sponsor must approve the account before it is activated. Update the following parameters for sponsor approval.
    • Verify sponsor email - If this option is enabled, the email address entered by the guest is validated against the internal sponsor database and external authentication servers.
    • Email on approval time out - If this option is enabled, a message is sent to a designated email address after the defined time out period.
    • Approval time out - This is the time window sponsors have to approve or reject the account before a notification email is sent to the designated sponsor.
    • Sponsor email - The email address of the sponsor in charge of dealing with guest accounts waiting for approval.
    • Recurrent notifications - The notification emails are sent recurrently until the account is approved, rejected, or expires.
      Optionally, you can enable the User sponsor approval and event codes option to use both the features.
    • Show Sponsor List - The sponsor list (with valid email addresses only) is displayed. Once enabled, select a sponsor from the Sponsor List Mode that displays the following sponsors.
      • All Sponsors

      • All Local Sponsors

      • All Remote Sponsors

      • Sponsors based on Server Types and select the authentication server type. Sponsors in the selected servers are only displayed in the guest portal page.

      • Sponsors based on User Groups and select the user groups. Sponsors in the selected user groups are only displayed in the guest portal page.
        Note: Microsoft Active Directory and OpenLDAP are the only supported server types options.

  • Device Registration Verification Options - You are required to select the Device account approval mode. This field provides the option to Use sponsor approval, so that a sponsor must approve the account before it is activated.
  • Account Creation - You can configure the account re-creation restrictions. Set the Account creation ban time, that is, the time interval that prevents the creation of self service accounts with the same personal details (email/phone) post the original account creation. You can enforce the ban based on the phone or email address in the Account creation restriction mode. An additional option, None, is also added to NOT enforce this uniqueness in the guest accounts. The following features are applicable, if the user enforces a unique phone or email address.
    • The guest user cannot create a new account with an email address/phone, if an active account with the same email/phone already exists.

    • The email address/phone is a mandatory field in the guest portal, even if it is not set as the username in the username policy.

    • If a guest account exists with the same email address/phone and is inactive, then you can create another account with the same.

    • Since the username is unique, and 2 different accounts cannot exist with the same username, the account's username is pre-fixed with a numeric value

If the user does NOT enforce a unique email address/phone, then guest user can create multiple accounts with the same credentials. The accounts will have different usernames, pre-fix the username with a numeric value.

Notification Settings

Define the notification options to send email and SMS notifications to the guest.