Add or modify a user
User records are created as users connect to the network and register. Users can be added by importing them in a file or by entering the data manually. See Import and export data. The Add or Modify User feature allows you to create new users or edit existing ones.
- Select Users & Hosts > User Accounts.
- Click Add.
- In the Enter User ID window type a unique alphanumeric ID for this user. If you are using a directory for authentication, enter the user ID from the directory. This allows FortiNAC to synchronize its database with the directory and update user data.
- Click OK. FortiNAC verifies that the user ID is in the directory and populates fields that have existing data in the directory, such as First and Last Name.
- If the user is not in the directory, you can still add the user, but FortiNAC assumes that this user will authenticate locally and asks you for a password for the user.
- To modify an existing user, use the search or filter mechanisms on the User View to locate the appropriate user.
- Click on the user to select it.
- Click Modify.
- See the table below for detailed information on each field.
- Click OK to save your data.
Settings
| Field | Definitions |
| --- | --- |
| Required fields | |
| User ID | |
| Change Password | Allows you to change the password for this user. Users who authenticate through the directory will not have a Change Password button. Only users who are locally authenticated by FortiNAC have a change password option. |
| First Name | User's name as it is retrieved from the directory. If you are using a directory, these fields are updated every time the directory is re-synchronized with the database. If you are not using a directory, enter the user's first and last name. |
| Role | Roles are attributes of users and can be used as filters in user/host profiles. These profiles are used to determine which network access policy, endpoint compliance policy or Supplicant EasyConnect Policy is applied. |
| Additional info | |
| Address | User's address of residence. |
| City | User's city of residence. |
| State | Two-letter abbreviation for state of residence. |
| Zip/Postal Code | Postal code for the user's city and state of residence. |
| | User's email address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided. |
| Title | This can be a form of address, such as Mr., or a title within the organization. |
| Mobile Number | Mobile phone number used for sending SMS messages to guests and administrators. |
| Mobile Provider | Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to guests and administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@email.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server. |
| Allowed Hosts | The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total. If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single host with up to five adapters counts as one host. If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one host with two network adapters would be counted as two hosts. Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used. See Network device. If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user. |
| Global Default | Default number of Allowed Hosts used if the Allowed Hosts field is empty. The default is set in System > Settings > User/Host Management > Allowed Hosts. |
| Notes | Free form notes entered by the Administrator. |
| Security and Access Attribute Value | This value is an attribute of users and can be used as a filter in user/host profiles. These profiles are used to determine which network access policy, endpoint compliance policy or Supplicant EasyConnect Policy is applied. If a directory is in use, the Security and Access Attribute value comes from the directory when it is synchronized with the database. Otherwise the value can be entered manually. |
| RADIUS - Local Password Validation (MSCHAPv2) | RADIUS MSCHAPv2 credential validation against local users. Allows the mschap module in the FreeRADIUS service to authenticate user credentials without a query to a backend active directory. This option is only presented when the following global option is enabled in the CLI. FortiNAC (CentOS) run: `globaloptiontool -name "localRadiusServer.mschapV2LocalUserAuth" -set true` FortiNAC-F (NAC-OS) run: `execute enter-shell globaloptiontool -name "localRadiusServer.mschapV2LocalUserAuth" -set true` |