Fortinet white logo
Fortinet white logo

Administration Guide

7.2.0

Add a guest self registration profile

Add a guest self registration profile

Guest self registration allows visitors to request a temporary or guest account from their own device. A sponsor receives an email indicating that a request has been received from a guest. The sponsor responds to the request by approving or denying it. Sponsors with the guest self registration profile or with a guest manager profile and administrators can respond to a self registration request from a guest.

Anyone in your organization can be a sponsor for guest self registration. They must be entered into FortiNAC as an administrator and that user account must have a guest self registration administrator profile applied. You can quickly create sponsors by using directory groups. See Set privileges based on directory groups.

Guests can access your network for the length of time specified by the account duration. Availability can be 24 hours a day or limited to specific hours during the day.

To create a profile you must first be logged into your administrator account.

  1. Click Users & Hosts > Administrators > Profiles .
  2. Click Add. The Add Admin Profile screen appears with the General tab highlighted.
  3. On the General tab, enter a Name for the profile.
  4. Use the table below for details on the fields in the General Tab.
  5. Under Manage Hosts and Ports select All.
  6. Leave the defaults for the remaining fields and click on the Permissions tab.
  7. On the Permissions tab note that some permissions are dependent on each other. Refer to thePermissions list for additional information.
  8. The minimum that this sponsor must have is the Self Registration Requests permission set. Select all of the check boxes for this set.
  9. When you select the Self Registration Requests permission set, the Landing Page field defaults to Self Registration Requests.
  10. Click OK.
Settings

Field

Definition

Name

Enter a name that describes the profile, such as kiosk sponsor.

Logout After

User is logged out after this amount of time has elapsed without any activity in the user interface.

Login Availability

Specify when this sponsor can log into the network:

  • Always
  • Specify Time

The Specify Time option requires you to specify an hourly time range and the days of the week the sponsor can log in.

Manage Hosts And Ports

Restricts an administrator to a specific set of hosts or ports. The set is defined by host and port groups that are assigned to be managed by a specific group of administrators.

Any administrator that has a profile with this option enabled can only view and or modify a subset of the data in FortiNAC. Typically, this type of user would ONLY have the Manage Hosts & Ports permission set on the Permissions tab, therefore, this setting is not used frequently. Default = All.

  • All: All groups containing hosts and ports can be accessed.
  • Restrict By Groups: Enables the restriction of administrators to specific hosts and ports.

For an overview and additional setup information, see Limit access with groups.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC for an existing administrator profile record.

Enable Guest Kiosk

Do not enable this field for the Self Registered Guest administrator profile.

If you enable this mode, sponsors can log into FortiNAC to provide visitors self-serve account creation through a kiosk. For added security, use a kiosk browser. See Using a kiosk to read the sponsor’s procedure.

Sponsors with this profile cannot do anything except log into the Kiosk PC to display the Guest Login page. Sponsors who need to manually create visitor accounts cannot have Kiosk mode enabled.

Add a guest self registration profile

Add a guest self registration profile

Guest self registration allows visitors to request a temporary or guest account from their own device. A sponsor receives an email indicating that a request has been received from a guest. The sponsor responds to the request by approving or denying it. Sponsors with the guest self registration profile or with a guest manager profile and administrators can respond to a self registration request from a guest.

Anyone in your organization can be a sponsor for guest self registration. They must be entered into FortiNAC as an administrator and that user account must have a guest self registration administrator profile applied. You can quickly create sponsors by using directory groups. See Set privileges based on directory groups.

Guests can access your network for the length of time specified by the account duration. Availability can be 24 hours a day or limited to specific hours during the day.

To create a profile you must first be logged into your administrator account.

  1. Click Users & Hosts > Administrators > Profiles .
  2. Click Add. The Add Admin Profile screen appears with the General tab highlighted.
  3. On the General tab, enter a Name for the profile.
  4. Use the table below for details on the fields in the General Tab.
  5. Under Manage Hosts and Ports select All.
  6. Leave the defaults for the remaining fields and click on the Permissions tab.
  7. On the Permissions tab note that some permissions are dependent on each other. Refer to thePermissions list for additional information.
  8. The minimum that this sponsor must have is the Self Registration Requests permission set. Select all of the check boxes for this set.
  9. When you select the Self Registration Requests permission set, the Landing Page field defaults to Self Registration Requests.
  10. Click OK.
Settings

Field

Definition

Name

Enter a name that describes the profile, such as kiosk sponsor.

Logout After

User is logged out after this amount of time has elapsed without any activity in the user interface.

Login Availability

Specify when this sponsor can log into the network:

  • Always
  • Specify Time

The Specify Time option requires you to specify an hourly time range and the days of the week the sponsor can log in.

Manage Hosts And Ports

Restricts an administrator to a specific set of hosts or ports. The set is defined by host and port groups that are assigned to be managed by a specific group of administrators.

Any administrator that has a profile with this option enabled can only view and or modify a subset of the data in FortiNAC. Typically, this type of user would ONLY have the Manage Hosts & Ports permission set on the Permissions tab, therefore, this setting is not used frequently. Default = All.

  • All: All groups containing hosts and ports can be accessed.
  • Restrict By Groups: Enables the restriction of administrators to specific hosts and ports.

For an overview and additional setup information, see Limit access with groups.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC for an existing administrator profile record.

Enable Guest Kiosk

Do not enable this field for the Self Registered Guest administrator profile.

If you enable this mode, sponsors can log into FortiNAC to provide visitors self-serve account creation through a kiosk. For added security, use a kiosk browser. See Using a kiosk to read the sponsor’s procedure.

Sponsors with this profile cannot do anything except log into the Kiosk PC to display the Guest Login page. Sponsors who need to manually create visitor accounts cannot have Kiosk mode enabled.