Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 6.2.3 Administration Guide
    6.2.3
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Configuring FortiAuthenticator

    Configuring FortiAuthenticator

    On the FortiAuthenticator, you must create a local user and a RADIUS client.

    Before proceeding, ensure you have configured your FortiAuthenticator, created a NAS entry for your FortiManager, and created or imported FortiTokens.

    For more information, see the Two-Factor Authenticator Interoperability Guide and FortiAuthenticator Administration Guide in the Fortinet Document Library.
    Create a local user:
    1. Go to Authentication > User Management > Local Users.
    2. Click Create New in the toolbar.
    3. Configure the following settings:

      Username

      Enter a user name for the local user.

      Password creation

      Select Specify a password from the dropdown list.

      Password

      Enter a password. The password must be a minimum of 8 characters.

      Password confirmation

      Re-enter the password. The passwords must match.

      Allow RADIUS authentication

      Enable to allow RADIUS authentication.

      Role

      Select the role for the new user.

      Enable account expiration

      Optionally, select to enable account expiration. For more information see the FortiAuthenticator Administration Guide.
    4. Click OK to continue to the Change local user page.

    5. Configure the following settings, then click OK.

      Disabled

      Select to disable the local user.

      Password-based authentication

      Leave this option selected. Select [Change Password] to change the password for this local user.

      Token-based authentication

      Select to enable token-based authentication.

      Deliver token code by

      Select to deliver token by FortiToken, email, or SMS.

      Click Test Token to test the token.

      Allow RADIUS authentication

      Select to allow RADIUS authentication.

      Enable account expiration

      Optionally, select to enable account expiration. For more information see the FortiAuthenticator Administration Guide.

      User Role

      Role

      Select either Administrator or User.

      Full Permission

      Select to allow Full Permission, otherwise select the admin profiles to apply to the user. This option is only available when Role is Administrator.

      Web service

      Select to allow Web service, which allows the administrator to access the web service via a REST API or by using a client application. This option is only available when Role is Administrator.

      Restrict admin login from trusted management subnets only

      Select to restrict admin login from trusted management subnets only, then enter the trusted subnets in the table. This option is only available when Role is Administrator.

      Allow LDAP Browsing

      Select to allow LDAP browsing. This option is only available when Role is User.
    Create a RADIUS client:
    1. Go to Authentication > RADIUS Service > Clients.
    2. Click Create New in the toolbar.
    3. Configure the following settings, then click OK.

      Name

      Enter a name for the RADIUS client entry.

      Client name/IP

      Enter the IP address or Fully Qualified Domain Name (FQDN) of the FortiManager.

      Secret

      Enter the server secret. This value must match the FortiManager RADIUS server setting at System Settings > Admin > Remote Authentication Server.

      First profile name

      See the FortiAuthenticator Administration Guide.

      Description

      Enter an optional description for the RADIUS client entry.

      Apply this profile based on RADIUS attributes

      Select to apply the profile based on RADIUS attributes.

      Authentication method

      Select Enforce two-factor authentication from the list of options.

      Username input format

      Select specific user name input formats.

      Realms

      Configure realms.

      Allow MAC-based authentication

      Optional configuration.

      Check machine authentication

      Select to check machine based authentication and apply groups based on the success or failure of the authentication.

      Enable captive portal

      Enable various portals.

      EAP types

      Optional configuration.

    For more information, see the FortiAuthenticator Administration Guide, available in the Fortinet Document Library.
    Previous
    Next

    Configuring FortiAuthenticator

    Configuring FortiAuthenticator

    On the FortiAuthenticator, you must create a local user and a RADIUS client.

    Before proceeding, ensure you have configured your FortiAuthenticator, created a NAS entry for your FortiManager, and created or imported FortiTokens.

    For more information, see the Two-Factor Authenticator Interoperability Guide and FortiAuthenticator Administration Guide in the Fortinet Document Library.
    Create a local user:
    1. Go to Authentication > User Management > Local Users.
    2. Click Create New in the toolbar.
    3. Configure the following settings:

      Username

      Enter a user name for the local user.

      Password creation

      Select Specify a password from the dropdown list.

      Password

      Enter a password. The password must be a minimum of 8 characters.

      Password confirmation

      Re-enter the password. The passwords must match.

      Allow RADIUS authentication

      Enable to allow RADIUS authentication.

      Role

      Select the role for the new user.

      Enable account expiration

      Optionally, select to enable account expiration. For more information see the FortiAuthenticator Administration Guide.
    4. Click OK to continue to the Change local user page.

    5. Configure the following settings, then click OK.

      Disabled

      Select to disable the local user.

      Password-based authentication

      Leave this option selected. Select [Change Password] to change the password for this local user.

      Token-based authentication

      Select to enable token-based authentication.

      Deliver token code by

      Select to deliver token by FortiToken, email, or SMS.

      Click Test Token to test the token.

      Allow RADIUS authentication

      Select to allow RADIUS authentication.

      Enable account expiration

      Optionally, select to enable account expiration. For more information see the FortiAuthenticator Administration Guide.

      User Role

      Role

      Select either Administrator or User.

      Full Permission

      Select to allow Full Permission, otherwise select the admin profiles to apply to the user. This option is only available when Role is Administrator.

      Web service

      Select to allow Web service, which allows the administrator to access the web service via a REST API or by using a client application. This option is only available when Role is Administrator.

      Restrict admin login from trusted management subnets only

      Select to restrict admin login from trusted management subnets only, then enter the trusted subnets in the table. This option is only available when Role is Administrator.

      Allow LDAP Browsing

      Select to allow LDAP browsing. This option is only available when Role is User.
    Create a RADIUS client:
    1. Go to Authentication > RADIUS Service > Clients.
    2. Click Create New in the toolbar.
    3. Configure the following settings, then click OK.

      Name

      Enter a name for the RADIUS client entry.

      Client name/IP

      Enter the IP address or Fully Qualified Domain Name (FQDN) of the FortiManager.

      Secret

      Enter the server secret. This value must match the FortiManager RADIUS server setting at System Settings > Admin > Remote Authentication Server.

      First profile name

      See the FortiAuthenticator Administration Guide.

      Description

      Enter an optional description for the RADIUS client entry.

      Apply this profile based on RADIUS attributes

      Select to apply the profile based on RADIUS attributes.

      Authentication method

      Select Enforce two-factor authentication from the list of options.

      Username input format

      Select specific user name input formats.

      Realms

      Configure realms.

      Allow MAC-based authentication

      Optional configuration.

      Check machine authentication

      Select to check machine based authentication and apply groups based on the success or failure of the authentication.

      Enable captive portal

      Enable various portals.

      EAP types

      Optional configuration.

    For more information, see the FortiAuthenticator Administration Guide, available in the Fortinet Document Library.
    Previous
    Next