Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiMail 7.4.0 CLI Reference
    7.4.0
    7.6.1
    7.6.0
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.0
    6.0.4
    6.0.3
    6.0.1
    6.0.0

    system admin

    system admin

    Use this command to configure FortiMail administrator accounts.

    By default, FortiMail units have a single administrator account, admin. For more granular control over administrative access, you can create additional administrator accounts that are restricted to being able to configure a specific protected domain and/or with restricted permissions. For more information, see the FortiMail Administration Guide.

    Syntax

    config system admin

    edit <name_str>

    set status {enable | disable}

    set access {cli | gui | rest}

    set access-profile <profile_name>

    set auth-strategy {cloud | ldap | local | pki | radius | sso}

    set language <lang_str>

    set level {domain | domain-group | system}

    set ldap-profile <profile_name>

    set password <password_str>

    set pkiuser <pkiuser_str>

    set radius-profile <profile_name>

    set sshkey <key_str>

    set sso-profile <profile_name>

    set theme {Blue |Green | Light-Blue | Red}

    set trusted-hosts <host_ipv4mask>

    set webmode {advanced | cloud-api | simple}

    end

    Variable

    Description

    Default

    <name_str>

    Enter the name of the administrator account.

    status {enable | disable}

    Enable to activate the administrator account.

    disable

    access {cli | gui | rest}

    Select the access method allowed for the administrator.

    Access methods require that you also enabled the associated protocols on the network interface where the administrator connects.

    cli gui rest

    access-profile <profile_name>

    Enter the name of an access profile that determines which functional areas the administrator account is allowed to view or affect.

    auth-strategy {cloud | ldap | local | pki | radius | sso}

    Select the local or remote type of authentication that the administrator will be able to use.

    local

    language <lang_str>

    Enter this administrator account’s preference for the display language of the GUI. Available languages vary by whether or not you have installed additional language resource files.

    To view a list of languages, enter a question mark ( ? ).

    english

    level {domain | domain-group | system}

    Select the administrator's access level.

    system

    ldap-profile <profile_name>

    If auth-strategy is ldap, enter the LDAP profile that you want to use.

    password <password_str>

    If auth-strategy is local or radius, enter the password for the administrator account.

    Caution

    Do not enter a FortiMail administrator password less than 8 characters long. For better security, enter a longer password with a complex combination of characters and numbers, and change the password regularly.

    Failure to provide a strong password could compromise the security of your FortiMail unit.

    pkiuser <pkiuser_str>

    If auth-strategy is pki, enter the name of a PKI user.

    Whether the administrator is required to log in only with a valid personal certificate or password-style authentication fallback is allowed varies by your configuration of .

    radius-profile <profile_name>

    If auth-strategy is radius, enter the name of a RADIUS authentication profile that you want to use.

    sshkey <key_str>

    Enter the SSH public key string surrounded in single straight quotes ( ' ).

    When connecting from an SSH client that presents this key, the administrator will not need to provide their account name and password in order to log in to the CLI.

    sso-profile <profile_name>

    If auth-strategy is sso, enter the SSO profile that you want to use.

    theme {Blue |Green | Light-Blue | Red}

    Enter this administrator account’s preference for the display theme when logging in.

    Green

    trusted-hosts <host_ipv4mask>

    Enter one to three IP addresses and netmasks from which the administrator can log in to the FortiMail unit. Separate each IP address and netmask pair with a comma ( , ).

    To allow the administrator to authenticate from any IP address, enter 0.0.0.0/0.0.0.0.

    0.0.0.0/0.0.0.0

    webmode {advanced | cloud-api | simple}

    Enter which display mode will initially appear when the administrator logs in to the GUI.

    The administrator can switch the display mode during their session; this setting only affects the initial state of the display.

    simple

    Related topics

    profile ldap

    profile sso

    sensitive data

    system accprofile

    system interface

    system web-service

    user pki

    Previous
    Next

    system admin

    system admin

    Use this command to configure FortiMail administrator accounts.

    By default, FortiMail units have a single administrator account, admin. For more granular control over administrative access, you can create additional administrator accounts that are restricted to being able to configure a specific protected domain and/or with restricted permissions. For more information, see the FortiMail Administration Guide.

    Syntax

    config system admin

    edit <name_str>

    set status {enable | disable}

    set access {cli | gui | rest}

    set access-profile <profile_name>

    set auth-strategy {cloud | ldap | local | pki | radius | sso}

    set language <lang_str>

    set level {domain | domain-group | system}

    set ldap-profile <profile_name>

    set password <password_str>

    set pkiuser <pkiuser_str>

    set radius-profile <profile_name>

    set sshkey <key_str>

    set sso-profile <profile_name>

    set theme {Blue |Green | Light-Blue | Red}

    set trusted-hosts <host_ipv4mask>

    set webmode {advanced | cloud-api | simple}

    end

    Variable

    Description

    Default

    <name_str>

    Enter the name of the administrator account.

    status {enable | disable}

    Enable to activate the administrator account.

    disable

    access {cli | gui | rest}

    Select the access method allowed for the administrator.

    Access methods require that you also enabled the associated protocols on the network interface where the administrator connects.

    cli gui rest

    access-profile <profile_name>

    Enter the name of an access profile that determines which functional areas the administrator account is allowed to view or affect.

    auth-strategy {cloud | ldap | local | pki | radius | sso}

    Select the local or remote type of authentication that the administrator will be able to use.

    local

    language <lang_str>

    Enter this administrator account’s preference for the display language of the GUI. Available languages vary by whether or not you have installed additional language resource files.

    To view a list of languages, enter a question mark ( ? ).

    english

    level {domain | domain-group | system}

    Select the administrator's access level.

    system

    ldap-profile <profile_name>

    If auth-strategy is ldap, enter the LDAP profile that you want to use.

    password <password_str>

    If auth-strategy is local or radius, enter the password for the administrator account.

    Caution

    Do not enter a FortiMail administrator password less than 8 characters long. For better security, enter a longer password with a complex combination of characters and numbers, and change the password regularly.

    Failure to provide a strong password could compromise the security of your FortiMail unit.

    pkiuser <pkiuser_str>

    If auth-strategy is pki, enter the name of a PKI user.

    Whether the administrator is required to log in only with a valid personal certificate or password-style authentication fallback is allowed varies by your configuration of .

    radius-profile <profile_name>

    If auth-strategy is radius, enter the name of a RADIUS authentication profile that you want to use.

    sshkey <key_str>

    Enter the SSH public key string surrounded in single straight quotes ( ' ).

    When connecting from an SSH client that presents this key, the administrator will not need to provide their account name and password in order to log in to the CLI.

    sso-profile <profile_name>

    If auth-strategy is sso, enter the SSO profile that you want to use.

    theme {Blue |Green | Light-Blue | Red}

    Enter this administrator account’s preference for the display theme when logging in.

    Green

    trusted-hosts <host_ipv4mask>

    Enter one to three IP addresses and netmasks from which the administrator can log in to the FortiMail unit. Separate each IP address and netmask pair with a comma ( , ).

    To allow the administrator to authenticate from any IP address, enter 0.0.0.0/0.0.0.0.

    0.0.0.0/0.0.0.0

    webmode {advanced | cloud-api | simple}

    Enter which display mode will initially appear when the administrator logs in to the GUI.

    The administrator can switch the display mode during their session; this setting only affects the initial state of the display.

    simple

    Related topics

    profile ldap

    profile sso

    sensitive data

    system accprofile

    system interface

    system web-service

    user pki

    Previous
    Next