Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Admin Guide

    26.2.0
    26.2.0

    Configuring wildcard LDAP users for FIC service

    Configuring wildcard LDAP users for FIC service

    Your can use the following commands to configure FortiGate wildcard LDAP users to use FortiIdentity Cloud for MFA.

    config user ldap

    edit "EngLDAP"

    set server "xx.xxx.xx.xx"

    set cnid "uid"

    set dn "dc=srv,dc=world"

    set type regular

    set two-factor fortitoken-cloud

    set username "cn=Manager,dc=srv,dc=world"

    set password ENC LWdyb+/k6e4TtSk070tODaCZAcbgEGKohA==

    next

    end

    Wildcard LDAP users are those of a remote LDAP server user group, whose user configuration is unknown to FortiGate. Each end user should have the following attributes configured on the LDAP server:

    • mail: user_email_address (e.g., mail: user1@abc.com)
    • mobile: user_phone_number (e.g., mobile: +14080123456)
    Note
    • In FortiOS, the "mail" attribute is mandatory and required of each user, while the "mobile" attribute is optional.
    • FIC requires that the phone number be in the format of " +(country_code)(areacode_number)".

    During user configuration, the FortiGate-FIC user APIs are called for add-user, delete-user, modify-user with the following information in each API:

    • Username
    • VDOM name
    • FortiGate serial number (SN)
    • HA cluster membership information (if it's part of an HA configuration)

    If an API requires the user ID, e.g., the delete-user API, FortiOS must use the GET API to retrieve the user ID from FIC.

    Note

    • Wildcard LDAP users are automatically synced from the remote AD/LDAP to FIC by FOS when FOS is configured to use FIC for remote wild card users on the remote AD/LDAP server. The frequency of this auto-sync for wildcard AD/LDAP users is once every 24 hours.

    • sAMAccountName as cnid is not supported before FOS 6.4.6.
    Previous
    Next

    Configuring wildcard LDAP users for FIC service

    Configuring wildcard LDAP users for FIC service

    Your can use the following commands to configure FortiGate wildcard LDAP users to use FortiIdentity Cloud for MFA.

    config user ldap

    edit "EngLDAP"

    set server "xx.xxx.xx.xx"

    set cnid "uid"

    set dn "dc=srv,dc=world"

    set type regular

    set two-factor fortitoken-cloud

    set username "cn=Manager,dc=srv,dc=world"

    set password ENC LWdyb+/k6e4TtSk070tODaCZAcbgEGKohA==

    next

    end

    Wildcard LDAP users are those of a remote LDAP server user group, whose user configuration is unknown to FortiGate. Each end user should have the following attributes configured on the LDAP server:

    • mail: user_email_address (e.g., mail: user1@abc.com)
    • mobile: user_phone_number (e.g., mobile: +14080123456)
    Note
    • In FortiOS, the "mail" attribute is mandatory and required of each user, while the "mobile" attribute is optional.
    • FIC requires that the phone number be in the format of " +(country_code)(areacode_number)".

    During user configuration, the FortiGate-FIC user APIs are called for add-user, delete-user, modify-user with the following information in each API:

    • Username
    • VDOM name
    • FortiGate serial number (SN)
    • HA cluster membership information (if it's part of an HA configuration)

    If an API requires the user ID, e.g., the delete-user API, FortiOS must use the GET API to retrieve the user ID from FIC.

    Note

    • Wildcard LDAP users are automatically synced from the remote AD/LDAP to FIC by FOS when FOS is configured to use FIC for remote wild card users on the remote AD/LDAP server. The frequency of this auto-sync for wildcard AD/LDAP users is once every 24 hours.

    • sAMAccountName as cnid is not supported before FOS 6.4.6.
    Previous
    Next