Fortinet black logo

Control Manager

Modify a user

Copy Link
Copy Doc ID c0e495af-7299-11e9-81a4-00505692583a:415152
Download PDF

Modify a user

User records are created as users connect to the network and register. Users can be added by importing them in a file or by entering the data manually. See Import and export data. The Add or Modify User feature allows you to create new users or edit existing ones.

  1. Select Users > User View.
  2. Use the search or filter mechanisms on the User View to locate the appropriate user.
  3. Select the user and click the Modify button.
  4. See the field definitions table below for detailed information on each field.
  5. Click OK to save your data.

Field

Definitions

Required Fields

User ID

Unique alphanumeric ID. If you are using a directory for authentication, this should match an entry in the directory. If it does not, FortiNAC assumes that this user is authenticating locally and asks you for a password.

When using a directory for authentication, fields such as name, address, email, are updated from the directory based on the User ID when the database synchronizes with the directory. This is true regardless of how the user is created and whether the user is locally authenticated or authenticated through the directory. If the User ID matches a User ID in the directory, the FortiNAC database is updated with the directory data.

Change Password

Allows you to change the password for this user. Users who authenticate through the directory will not have a Change Password button. Only users who are locally authenticated by FortiNAC have a change password option.

First Name
Last Name

User's name as it is retrieved from the directory. If you are using a directory, these fields are updated every time the directory is re-synchronized with the database. If you are not using a directory, enter the user's first and last name.

Role

Roles are attributes of users and can be used as filters in User/Host Profiles. These profiles are used to determine which Network Access Policy, Endpoint Compliance Policy or Supplicant EasyConnect Policy is applied.

Additional Info

Address

User's address of residence.

City

User's city of residence.

State

Two letter abbreviation for state of residence.

Zip/Postal Code

Postal code for the user's city and state of residence.

Email

User's email address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

Title

This can be a form of address, such a as Mr., or a title within the organization.

Mobile Number

Mobile Phone number used for sending SMS messages to guests and administrators.

Mobile Provider

Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to guests and administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@emai.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

Allowed Hosts

The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total.

If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single machine with up to five adapters counts as one host.

If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one machine with two network adapters would be counted as two hosts.

Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used.

If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user.

Global Default

Default number of Allowed Hosts used if the Allowed Hosts field is empty. The default is set in System > Settings > User/Host Management > Allowed Hosts.

Notes

Free form notes entered by the Administrator.

Security and Access Attribute Value

This value is an attribute of users and can be used as a filter in User/Host Profiles. These profiles are used to determine which Network Access Policy, Endpoint Compliance Policy or Supplicant EasyConnect Policy is applied. If a directory is in use, the Security and Access Attribute value comes from the directory when it is synchronized with the database. Otherwise the value can be entered manually.

Modify a user

User records are created as users connect to the network and register. Users can be added by importing them in a file or by entering the data manually. See Import and export data. The Add or Modify User feature allows you to create new users or edit existing ones.

  1. Select Users > User View.
  2. Use the search or filter mechanisms on the User View to locate the appropriate user.
  3. Select the user and click the Modify button.
  4. See the field definitions table below for detailed information on each field.
  5. Click OK to save your data.

Field

Definitions

Required Fields

User ID

Unique alphanumeric ID. If you are using a directory for authentication, this should match an entry in the directory. If it does not, FortiNAC assumes that this user is authenticating locally and asks you for a password.

When using a directory for authentication, fields such as name, address, email, are updated from the directory based on the User ID when the database synchronizes with the directory. This is true regardless of how the user is created and whether the user is locally authenticated or authenticated through the directory. If the User ID matches a User ID in the directory, the FortiNAC database is updated with the directory data.

Change Password

Allows you to change the password for this user. Users who authenticate through the directory will not have a Change Password button. Only users who are locally authenticated by FortiNAC have a change password option.

First Name
Last Name

User's name as it is retrieved from the directory. If you are using a directory, these fields are updated every time the directory is re-synchronized with the database. If you are not using a directory, enter the user's first and last name.

Role

Roles are attributes of users and can be used as filters in User/Host Profiles. These profiles are used to determine which Network Access Policy, Endpoint Compliance Policy or Supplicant EasyConnect Policy is applied.

Additional Info

Address

User's address of residence.

City

User's city of residence.

State

Two letter abbreviation for state of residence.

Zip/Postal Code

Postal code for the user's city and state of residence.

Email

User's email address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

Title

This can be a form of address, such a as Mr., or a title within the organization.

Mobile Number

Mobile Phone number used for sending SMS messages to guests and administrators.

Mobile Provider

Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to guests and administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@emai.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

Allowed Hosts

The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total.

If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single machine with up to five adapters counts as one host.

If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one machine with two network adapters would be counted as two hosts.

Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used.

If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user.

Global Default

Default number of Allowed Hosts used if the Allowed Hosts field is empty. The default is set in System > Settings > User/Host Management > Allowed Hosts.

Notes

Free form notes entered by the Administrator.

Security and Access Attribute Value

This value is an attribute of users and can be used as a filter in User/Host Profiles. These profiles are used to determine which Network Access Policy, Endpoint Compliance Policy or Supplicant EasyConnect Policy is applied. If a directory is in use, the Security and Access Attribute value comes from the directory when it is synchronized with the database. Otherwise the value can be entered manually.