Add Admin users

Administrator users other than the root user can be created on the FortiNAC Control Manager. It is recommended that at least one Administrator user be added and used instead of the root user account. Make sure these accounts also exist on the FortiNAC Server or FortiNAC Control Server appliances so the Administrator users can have access to the data.

FortiNAC Control Manager Administrators can be authenticated via LDAP, by selecting LDAP in the authentication field when the user account is configured. When an Administrator user logs in, the FortiNAC Control Manager checks the Directory configured for each managed server in turn until it locates the user record. If the authentication is successful, the FortiNAC Control Manager updates the user fields, such as address and telephone number, and allows the user to access the Admin user interface.

To add an Administrative user account:

  1. Create the Administrator, Operator, or Help Desk user on the FortiNAC Server or FortiNAC Control Server that the user has access to for searches.

    For Local Authentication, make the password for the user the same on the FortiNAC Server, FortiNAC Control Server, or FortiNAC Control Manager.

  2. Log in to the FortiNAC Control Manager.

  3. Select Users > Admin Users.

  4. Click Add.

  5. In the User ID window displayed, enter an alphanumeric User ID for the new Admin user and click OK. As you enter the User ID, the network user database is checked to see if there is a current user with the same ID and a drop-down list of matching users is displayed. If you enter an ID that already exists as a regular network user, the network user and the Admin user become the same person with a single account.

    This allows you to give a network user administrator privileges to help with some administrative tasks.

  6. Use the table of field definitions below to complete the information in the Add User dialog.

  7. Click OK to save the new user.

| Field | Definition |
| --- | --- |
| Authentication Type | Authentication method used for this Admin user. Types include: Local — Validates the user to a database on the local FortiNAC appliance. LDAP — Validates the user to a directory database. FortiNAC uses the LDAP protocol to communicate to an organization’s directory. RADIUS — Validates the user to a RADIUS server. If an integrated RADIUS server has been added under RADIUS Settings and the Authentication Type field is set to RADIUS, a RADIUS User record is automatically added to the RADIUS User's view for this user. Authentication of Admin Users via RADIUS is not currently available; however, Admin Users can still be created with the RADIUS authentication type for use on NetworkSentry pods. |
| Admin Profile | Profiles control permissions for administrative users. Add — Opens the Admin Profiles window allowing you to create a new profile without exiting the Add User window. Modify — Allows you to modify the selected Admin Profile. Note that modifications to the profile affect all Administrative Users that have been assigned that profile. |
| User ID | Unique alphanumeric ID for this user. |
| Password | Password used for local authentication. If you authenticate users through LDAP, the password field is disabled and the user must log in with their LDAP password. |
| First Name | User's first name. |
| Last Name | User's last name. |
| Address, City, State, Zip/Postal Code, Phone | Optional demographic information. |
| E-mail | E-mail address used to send system notifications associated with features such as alarms or profiled devices. Also used to send Guest Self-Registration Requests from guests requesting an account. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided. |
| Title | User's title, such as Mr. or Ms. |
| Mobile Number | Mobile Phone number used for sending SMS messages to administrators. |
| Mobile Provider | Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@email.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server. |
| Notes | Free form notes field for additional information. |
| User Never Expires | If enabled, Admin users are never aged out of the database. The default is enabled. Admin Users assigned the Administrator Profile cannot be aged out. |
