Configuring IBE users
You can send secured email with Identity Based Encryption (IBE) through the FortiMail unit. The IBE User option lets you manage the IBE mail users and configure secure questions for forgotten passwords and IBE domains. For details about how to use IBE service, see FortiMail IBE configuration workflow.
This section contains the following topics:
- Configuring active users
- Configuring expired users
- Configuring security questions
- Configuring IBE authentication
- Viewing and managing IBE domains
Configuring active users
The Active User tab lets you enable, delete, maintain, and reset the following secured mail recipients:
- recipients who have received secured mail notifications from the FortiMail unit
- recipients who have registered or authenticated on the FortiMail unit
To view and manage active users, go to Domain & User > IBE User > Active User.
GUI item |
Description |
Delete (button) |
Select to remove a selected user in the list. A deleted user cannot access the FortiMail unit. |
Maintenance (button) |
Select a user and click this button to manage that user’s mailboxes, such as Inbox, Drafts and Sent. You can check the size of a mailbox and empty a mailbox as required. The SecureMail mailbox contains the secured email for the user. The encrypted email are put into this mailbox if Pull is selected to retrieve IBE mail. The Bulk mailbox contains spam that are quarantined by the FortiMail unit. |
(button) |
Click to reset a mail user and require new login information to access the FortiMail unit. Resetting a user sends the user a new notification and the user needs to re-register on the FortiMail unit. |
IBE domain |
Select the name of an IBE domain to view its active users. For more information about IBE domain, see Configuring IBE authentication. |
Search |
Enter the name of a user, or a partial user name with wildcards, and press Enter. The list of users redisplays with just those users that meet the search criteria. To return to the complete user list, clear the search field and press Enter. |
Enabled |
Select the check box to activate a mail user. A disabled user cannot access the FortiMail unit. |
|
Displays the email address of mail users. |
First Name, Last Name |
Displays the first and last name of a mail user. This information appears when a mail user registers on the FortiMail unit. |
Status |
The mail user has four status possibilities:
|
Creation Time |
Displays when IBE user was registered and created. |
Last Access |
Displays the time stamp when:
|
See also
Configuring security questions
Configuring IBE authentication
Configuring expired users
Depending on the configuration of User registration expiry time and User inactivity expiry time in the IBE service, if email recipients fail to register or authenticate on the FortiMail unit, or fail to access the FortiMail unit after registration for a certain period of time, they become expired users. For more information about IBE service configuration, see Configuring IBE encryption.
The Expired User tab displays the same information as the Active User tab except that the users in this list have expired. These users need to re-register on the FortiMail unit when a new notification arrives to become active.
GUI item |
Description |
Delete (button) |
Select to remove a selected user in the list. A deleted user cannot access the FortiMail unit. |
Maintenance (button) |
Select a user and click this button to manage that user’s mailboxes, such as Inbox, Drafts and Sent. You can check the size of a mailbox and empty a mailbox as required. The SecureMail mailbox contains the secured email for the user. The encrypted email are put into this mailbox if Pull is selected to retrieve IBE mail. The Bulk mailbox contains spam that are quarantined by the FortiMail unit. |
IBE domain |
Select the name of an IBE domain to view its active users. For more information about IBE domain, see Configuring IBE authentication. |
Search |
Enter the name of a user, or a partial user name with wildcards, and press Enter. The list of users redisplays with just those users that meet the search criteria. To return to the complete user list, clear the search field and press Enter. |
|
Displays the email address of mail users. |
First Name, Last Name |
Displays the first name of a mail user. This information appears when a mail user registers on the FortiMail unit. |
Last Name |
Displays the last name of a mail user. This information appears when a mail user registers on the FortiMail unit. |
Status |
The mail user has four status possibilities:
|
Expiry Time |
Displays when the user’s registration expired. |
Last Access |
Displays the time stamp when the user was last active. |
See also
Configuring security questions
Configuring IBE authentication
Configuring security questions
There are several predefined security questions available to present to mail recipients when they register on the FortiMail unit. You can add questions.
To view the security questions, go to Domain & User > IBE User > Secure Question.
GUI item |
Description |
Edit (button) |
Select a question and click Edit to modify it. You cannot edit a predefined question except to disable or enable it. |
From the drop-down list, select the language that applies to all questions on this page. |
|
Enabled |
Select to enable a question. Clear the check box to remove a question from use. |
ID |
The sequential number of the entry. |
Question |
Displays the content of the question in the selected language. |
Language |
Displays the language selected in the Language drop-down list.. |
To add a new security question
- Double-click an empty row beneath the predefined questions.
- Select Enable to activate the question.
- Enter the question in the Question box.
- Click OK.
A dialog appears.
The language is determined by the language choice on the tab.
See also
Configuring IBE authentication
Configuring IBE authentication
When mail recipients of the IBE domains access the FortiMail unit after receiving a secure mail notification:
- recipients of the IBE domains without LDAP authentication profiles need to register to view the email
- recipients of the IBE domains with LDAP authentication profiles just need to authenticate because the FortiMail unit can query the LDAP servers for authentication information based on the LDAP profile
In both cases, the FortiMail unit will record the domain names of the recipients who register or authenticate on it under the IBE Domain tab. For details, see Viewing and managing IBE domains.
Go to Domain & User > IBE User > IBE Authentication to bind domains with LDAP authentication profiles with which the FortiMail unit can query the LDAP servers for authentication, email address mappings, and more. For more information about LDAP profiles, see Configuring LDAP profiles.
To configure IBE authentication rules
- Go to Domain & User > IBE User > IBE Authentication.
- Click New and configure the following:
GUI item |
Description |
Domain pattern |
Enter a domain name that you want to bind to an LDAP authentication profile. If you want all IBE users to authenticate through an LDAP profile and do not want other non-LDAP-authenticated users to get registered on FortiMail, you can use wildcard * for the domain name and then bind it to an LDAP profile. For more information about LDAP profiles, see Configuring LDAP profiles. |
LDAP profile |
Select the LDAP profile you want to use to authenticate the domain users. |
Status |
Select to enable this rule. |
See also
Configuring security questions
Configuring security questions
Viewing and managing IBE domains
The FortiMail unit records the domain names of the recipients who register or authenticate on FortiMail.
To view those domains, go to Domain & User > IBE User > IBE Domain.
GUI item |
Description |
Delete (button) |
Select to remove a selected domain. Deleting a domain also disables all its users. These users cannot access the FortiMail unit until they receive new secure mail notifications from the FortiMail unit. |
Remove All Users (button) |
Select to delete all mail users in a selected domain. These users cannot access the FortiMail unit until they receive new secure mail notifications from the FortiMail unit. |
Search (button) |
Select to search IBE domains. A search dialog appears. |
Active User Count |
Displays the active mail users in a domain. For more information about active users, see Configuring active users. |
Expired User Count |
Displays the expired mail users in a domain. For more information about active users, see Configuring expired users. |