Administration Guide

Configuring IBE users

You can send secured email with Identity Based Encryption (IBE) through the FortiMail unit. The IBE User option lets you manage the IBE mail users and configure secure questions for forgotten passwords and IBE domains. For details about how to use IBE service, see FortiMail IBE configuration workflow.

This section contains the following topics:

Configuring active users

The Active User tab lets you enable, delete, maintain, and reset the following secured mail recipients:

  • recipients who have received secured mail notifications from the FortiMail unit
  • recipients who have registered or authenticated on the FortiMail unit

To view and manage active users, go to Domain & User > IBE User > Active User.

GUI item

Description

Delete (button)

Select to remove a selected user in the list.

A deleted user cannot access the FortiMail unit.

Maintenance (button)

Select a user and click this button to manage that user’s mailboxes, such as Inbox, Drafts and Sent. You can check the size of a mailbox and empty a mailbox as required.

The SecureMail mailbox contains the secured email for the user. Encrypted email is placed in this mailbox if Pull is selected to retrieve IBE mail.

The Bulk mailbox contains spam that is quarantined by the FortiMail unit.

Reset User (button)

Click to reset a mail user and require new login information to access the FortiMail unit.

Resetting a user sends the user a new notification and the user needs to re-register on the FortiMail unit.

IBE domain

Select the name of an IBE domain to view its active users.

For more information about IBE domain, see Configuring IBE authentication.

Search

Enter the name of a user, or a partial user name with wildcards, and press Enter. The list of users redisplays with just those users that meet the search criteria.

To return to the complete user list, clear the search field and press Enter.

Enabled

Select the check box to activate a mail user. A disabled user cannot access the FortiMail unit.

Email

Displays the email address of mail users.

First Name, Last Name

Displays the first and last name of a mail user. This information appears when a mail user registers on the FortiMail unit.

Status

The mail user has four status possibilities:

  • Pre-registered: The FortiMail unit encrypts an email and sends a notification to the recipient.
  • Activated: The mail recipient registers on the FortiMail unit.
  • Password reset: This status appears when a mail recipient who was provided with a new password to access the FortiMail unit has actually changed the password.
  • LDAP: This status appears when a mail recipient who belongs to an IBE domain bound with an LDAP profile authenticates on the FortiMail unit. For more information about IBE domain, see Configuring IBE authentication.

Creation Time

Displays when the IBE user was registered and created.

Last Access

Displays the time stamp when:

  • the FortiMail unit sends a notification (Pre-registered status)
  • the mail recipient registers on the FortiMail unit (Activated status)
  • a mail user changes the password (Password reset status)
  • a mail recipient, who belongs to an IBE domain, authenticates on the FortiMail unit (LDAP status)

See also

Configuring expired users

Configuring security questions

Configuring IBE authentication

Configuring expired users

Depending on the configuration of User registration expiry time and User inactivity expiry time in the IBE service, if email recipients fail to register or authenticate on the FortiMail unit, or fail to access the FortiMail unit after registration for a certain period of time, they become expired users. For more information about IBE service configuration, see Configuring IBE encryption.

The Expired User tab displays the same information as the Active User tab except that the users in this list have expired. These users need to re-register on the FortiMail unit when a new notification arrives to become active.

GUI item

Description

Delete (button)

Select to remove a selected user in the list.

A deleted user cannot access the FortiMail unit.

Maintenance (button)

Select a user and click this button to manage that user’s mailboxes, such as Inbox, Drafts and Sent. You can check the size of a mailbox and empty a mailbox as required.

The SecureMail mailbox contains the secured email for the user. Encrypted email is placed in this mailbox if Pull is selected to retrieve IBE mail.

The Bulk mailbox contains spam that is quarantined by the FortiMail unit.

IBE domain

Select the name of an IBE domain to view its active users.

For more information about IBE domain, see Configuring IBE authentication.

Search

Enter the name of a user, or a partial user name with wildcards, and press Enter. The list of users redisplays with just those users that meet the search criteria.

To return to the complete user list, clear the search field and press Enter.

Email

Displays the email address of mail users.

First Name, Last Name

Displays the first name of a mail user. This information appears when a mail user registers on the FortiMail unit.

Last Name

Displays the last name of a mail user. This information appears when a mail user registers on the FortiMail unit.

Status

The mail user has four status possibilities:

  • Pre-registered: The FortiMail unit encrypts an email and sends a notification to the recipient.
  • Activated: The mail recipient registers on the FortiMail unit.
  • Password reset: This status appears when a mail recipient who was provided with a new password to access the FortiMail unit has actually changed the password.
  • LDAP: This status appears when a mail recipient who belongs to an IBE domain bound with an LDAP profile authenticates on the FortiMail unit. For more information about IBE domain, see Configuring IBE authentication.

Expiry Time

Displays when the user’s registration expired.

Last Access

Displays the time stamp when the user was last active.

See also

Configuring active users

Configuring security questions

Configuring IBE authentication

Configuring security questions

There are several predefined security questions available to present to mail recipients when they register on the FortiMail unit. You can add questions.

To view the security questions, go to Domain & User > IBE User > Secure Question.

GUI item

Description

Edit (button)

Select a question and click Edit to modify it. You cannot edit a predefined question except to disable or enable it.

Language

From the drop-down list, select the language that applies to all questions on this page.

Enabled

Select to enable a question. Clear the check box to remove a question from use.

ID

The sequential number of the entry.

Question

Displays the content of the question in the selected language.

Language

Displays the language selected in the Language drop-down list.

To add a new security question
  1. Double-click an empty row beneath the predefined questions.
  2. A dialog appears.

  3. Select Enable to activate the question.
  4. Enter the question in the Question box.
  5. The language is determined by the language choice on the tab.

  6. Click OK.

See also

Configuring active users

Configuring expired users

Configuring IBE authentication

Configuring IBE authentication

When mail recipients of the IBE domains access the FortiMail unit after receiving a secure mail notification:

  • recipients of the IBE domains without LDAP authentication profiles need to register to view the email
  • recipients of the IBE domains with LDAP authentication profiles just need to authenticate because the FortiMail unit can query the LDAP servers for authentication information based on the LDAP profile

In both cases, the FortiMail unit will record the domain names of the recipients who register or authenticate on it under the IBE Domain tab. For details, see Viewing and managing IBE domains.

Go to Domain & User > IBE User > IBE Authentication to bind domains with LDAP authentication profiles with which the FortiMail unit can query the LDAP servers for authentication, email address mappings, and more. For more information about LDAP profiles, see Configuring LDAP profiles.

To configure IBE authentication rules
  1. Go to Domain & User > IBE User > IBE Authentication.
  2. Click New and configure the following:

GUI item

Description

Domain pattern

Enter a domain name that you want to bind to an LDAP authentication profile.

If you want all IBE users to authenticate through an LDAP profile and do not want other non-LDAP-authenticated users to get registered on FortiMail, you can use wildcard * for the domain name and then bind it to an LDAP profile.

For more information about LDAP profiles, see Configuring LDAP profiles.

LDAP profile

Select the LDAP profile you want to use to authenticate the domain users.

Status

Select to enable this rule.
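
To review which recipients a rule set leaves on self-registration rather than LDAP authentication, the sketch below models the Domain pattern, LDAP profile and Status fields described above. It is an added example, not Fortinet code: it assumes a pattern is either a domain name or the wildcard `*`, assumes an exact domain match takes precedence over `*`, and uses constructed rule, profile and recipient names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IbeAuthRule:
    domain_pattern: str  # "Domain pattern" field: a domain name or the wildcard "*"
    ldap_profile: str    # "LDAP profile" field (profile names here are constructed)
    enabled: bool        # "Status" check box


def recipient_domain(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.lower().rstrip(".")


def matching_rule(rules, address):
    """Return the enabled rule covering the address, or None.

    Assumption: an exact domain match is preferred over the "*" wildcard.
    Disabled rules are ignored.
    """
    domain = recipient_domain(address)
    wildcard = None
    for rule in rules:
        if not rule.enabled:
            continue
        pattern = rule.domain_pattern.strip().lower()
        if pattern == domain:
            return rule
        if pattern == "*" and wildcard is None:
            wildcard = rule
    return wildcard


def audit(rules, recipients):
    """Map each recipient to 'ldap:<profile>' or 'self-register'."""
    result = {}
    for address in recipients:
        rule = matching_rule(rules, address)
        result[address] = f"ldap:{rule.ldap_profile}" if rule else "self-register"
    return result


# Constructed sample data: one domain rule and a wildcard rule left disabled.
RULES = [
    IbeAuthRule("partner.example", "partner-ldap", True),
    IbeAuthRule("*", "corp-ldap", False),
]
RECIPIENTS = ["alice@partner.example", "bob@Other.example", "carol@partner.example."]

if __name__ == "__main__":
    for addr, outcome in audit(RULES, RECIPIENTS).items():
        print(f"{addr:28} {outcome}")
```

Any recipient reported as `self-register` falls under the first case described in this section: the domain has no LDAP authentication profile, so the recipient registers on the FortiMail unit to view the email.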

See also

Configuring active users

Configuring security questions

Viewing and managing IBE domains

The FortiMail unit records the domain names of the recipients who register or authenticate on FortiMail.

To view those domains, go to Domain & User > IBE User > IBE Domain.

GUI item

Description

Delete (button)

Select to remove a selected domain.

Deleting a domain also disables all its users. These users cannot access the FortiMail unit until they receive new secure mail notifications from the FortiMail unit.

Remove All Users (button)

Select to delete all mail users in a selected domain. These users cannot access the FortiMail unit until they receive new secure mail notifications from the FortiMail unit.

Search (button)

Select to search IBE domains. A search dialog appears.

Active User Count

Displays the active mail users in a domain. For more information about active users, see Configuring active users.

Expired User Count

Displays the expired mail users in a domain. For more information about expired users, see Configuring expired users.
