Fortinet black logo

Administration Guide

Credential configuration

Copy Link
Copy Doc ID 825689eb-200d-11e9-b6f6-f8bc1258b856:418910
Download PDF

Credential configuration

Use the Credential Configuration view to configure how credentials are verified for hosts who use the Persistent Agent.

Note

This tab is only available for firmware version 2.2.0.x or greater.

  1. Click System > Settings.
  2. Do one of the following:
    1. In folder view, expand the Persistent Agent folder and select Credential Configuration from the tree.
    2. In flat view, select Credential Configuration - Persistent Agent.
  3. Use the table below to configure Persistent Agent Credentials and click Save Settings.
Settings

Field

Definition

Enable Registration

If checked, any unregistered (rogue) hosts who use the Persistent Agent will be registered by the agent. Typically this is disabled when rogues are being registered by the Device Profiler. There is a method in Device Profiler that detects the presence of the Persistent Agent and can use that in combination with other criteria to register the host.

When this option is unchecked, Register as Device and Authentication Type are disabled.

Register As Device

If checked, all unregistered (rogue) hosts who use the Persistent Agent are registered automatically when they connect to the network. Then name of the host is entered in the ID field in the host record.

If unchecked, all unregistered (rogue) hosts who use the Persistent Agent are presented with a login screen to enter their credentials. The credentials are verified with the method selected in the Authentication Type field.

Authentication Type

The method used to verify the user credentials for access to the network: Local, LDAP, RADIUS or RADIUS/LDAP.

The RADIUS/LDAP option indicates that the user is being authenticated by a RADIUS server but registered based on data in an LDAP server. If the user is successfully authenticated by the RADIUS server but does not exist in the LDAP database, FortiNAC will still create the user record in its own database.

The authentication type selected must match the authentication method selected in the Portal Configuration window.

Note

Google authentication for the Persistent Agent is not supported.

Credential configuration

Use the Credential Configuration view to configure how credentials are verified for hosts who use the Persistent Agent.

Note

This tab is only available for firmware version 2.2.0.x or greater.

  1. Click System > Settings.
  2. Do one of the following:
    1. In folder view, expand the Persistent Agent folder and select Credential Configuration from the tree.
    2. In flat view, select Credential Configuration - Persistent Agent.
  3. Use the table below to configure Persistent Agent Credentials and click Save Settings.
Settings

Field

Definition

Enable Registration

If checked, any unregistered (rogue) hosts who use the Persistent Agent will be registered by the agent. Typically this is disabled when rogues are being registered by the Device Profiler. There is a method in Device Profiler that detects the presence of the Persistent Agent and can use that in combination with other criteria to register the host.

When this option is unchecked, Register as Device and Authentication Type are disabled.

Register As Device

If checked, all unregistered (rogue) hosts who use the Persistent Agent are registered automatically when they connect to the network. Then name of the host is entered in the ID field in the host record.

If unchecked, all unregistered (rogue) hosts who use the Persistent Agent are presented with a login screen to enter their credentials. The credentials are verified with the method selected in the Authentication Type field.

Authentication Type

The method used to verify the user credentials for access to the network: Local, LDAP, RADIUS or RADIUS/LDAP.

The RADIUS/LDAP option indicates that the user is being authenticated by a RADIUS server but registered based on data in an LDAP server. If the user is successfully authenticated by the RADIUS server but does not exist in the LDAP database, FortiNAC will still create the user record in its own database.

The authentication type selected must match the authentication method selected in the Portal Configuration window.

Note

Google authentication for the Persistent Agent is not supported.