Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Guest/contractor accounts

Guest Accounts allows you to create and manage guest or contractor accounts. To initially set up the accounts, access the Add Guest option and select a template set up by your administrator. Include the e-mail addresses of the guests or contractors as you create their accounts. You can then notify them of start times, required class materials, or other relevant information.

You may enter data specified as Required in the guest or contractor registration form, or you can let the guests and contractors enter the data themselves when they log into the portal. At that time, the required fields must be completed in order for the guest or contractor to log into the system.

Passwords are automatically generated when guest or contractor accounts are created. Generated passwords do not include characters that could be difficult to identify, including: the number one, the letter l (ell), the upper case letter I (eye), zero, upper or lowercase letter O. For conference accounts with shared passwords you have the option of creating your own password or generating one. FortiNAC does not recognize or restrict system-generated passwords that may be offensive.

If you have account management privileges in your sponsor administrator profile, you may change or remove information in an account. Depending on your privileges, you may be allowed to manage all created accounts or only your own accounts.

Guests also display on the user view. See User View and Guest account details.

Settings

Fields used in filters are also defined in this table.

Field

Definition

View Reports

Opens the Guest Accounts Report view. This option displays only when Guest/Contractor Accounts is accessed from the Users menu.

Table columns

Enabled

Indicates guest account status. The account is either enabled (green check mark) or disabled (red x).

Sponsor

User name of the administrator or sponsor that created the guest account.

Account Type

Guest account type. Types include:

  • Guest: A visitor to your facility with limited or Internet-only network access.
  • Conference: A group of short- or long-term visitors to your organization who require identical but limited access to your network for typically one to five days.
  • Contractor: A temporary employee of your organization who may be granted all or limited network access for a specific time period generally defined in weeks or months.

Name

Guest's first and last name.

User

Guest's email account which is used as the user ID at login.

Starting
Start Date

Date and time (using a 24-hour clock format) the account will become active for the guest or contractor.

Ending
End Date

Date and time the account will expire.

Login Availability

Times during which the guest is permitted to access the network.

Role

Role is an attribute of a user or a host. It is used in user/host profiles as a filter when assigning network access policies, endpoint compliance policies, and Supplicant EasyConnect policies.

Authentication

Indicates type of authentication used. Options include: Local and LDAP. Guests typically use Local authentication.

Security & Access Value

Attribute assigned to a guest that can be used as a filter. Common values are Guest, Contractor or Visitor.

Account Duration

There are two methods that work together for determining the length of time a guest account is active. The shortest duration of the two is the one that is used to remove a guest account from the database.

  • Account Duration (Hours): Option included in the guest template to limit the time a guest account created with this template remains in the database. If this is blank, the guest account end date is used. The Account Duration starts only when the guest user first logs in. For example, you could create a guest account with a date range that spans one week and if the account duration was 24 hours, they would be able to log in for one 24 hour period any time during that week
  • Account End Date: Option included on the Add Guest Account dialog to determine the date on which the guest account expires. This field is required when a guest account is created.

Reauth Period

Number of hours the guest or contractor can access the network before reauthentication is required.

Last Modified By

User name of the last user to modify the guest account.

Last Modified Date

Date and time of the last modification to this guest account.

Right click menu options

Delete

To delete an account, select the account and click Delete. The account is deleted and will no longer show up in the created accounts window.

Modify

Change information in an existing guest or contractor account. This option also allows you to reset the information and reenter it.

To modify an account select the account you want to change and click Modify.

Conference accounts cannot be modified.

Reset Password

To reset an account password select the account and click Reset Password. The account password is automatically changed.

View

View additional account information such as passwords and guest or contractor phone numbers. Select an account and click View. This displays the Print, Send e-mail and Send SMS options for the selected account(s).

Send Email

Sends email to the selected guests containing their login information.

Send SMS

Sends a text message to the selected guests' mobile telephone containing their login information.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Select All

Selects all guest accounts displayed in the table.

Enable/Disable

Select the account and click Enable/Disable. The account status is changed. This is used to enable a guest account if a guest were to arrive earlier than expected.

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. This option displays only when Guest/Contractor accounts is accessed from the Users menu.

Guest/contractor accounts

Guest Accounts allows you to create and manage guest or contractor accounts. To initially set up the accounts, access the Add Guest option and select a template set up by your administrator. Include the e-mail addresses of the guests or contractors as you create their accounts. You can then notify them of start times, required class materials, or other relevant information.

You may enter data specified as Required in the guest or contractor registration form, or you can let the guests and contractors enter the data themselves when they log into the portal. At that time, the required fields must be completed in order for the guest or contractor to log into the system.

Passwords are automatically generated when guest or contractor accounts are created. Generated passwords do not include characters that could be difficult to identify, including: the number one, the letter l (ell), the upper case letter I (eye), zero, upper or lowercase letter O. For conference accounts with shared passwords you have the option of creating your own password or generating one. FortiNAC does not recognize or restrict system-generated passwords that may be offensive.

If you have account management privileges in your sponsor administrator profile, you may change or remove information in an account. Depending on your privileges, you may be allowed to manage all created accounts or only your own accounts.

Guests also display on the user view. See User View and Guest account details.

Settings

Fields used in filters are also defined in this table.

Field

Definition

View Reports

Opens the Guest Accounts Report view. This option displays only when Guest/Contractor Accounts is accessed from the Users menu.

Table columns

Enabled

Indicates guest account status. The account is either enabled (green check mark) or disabled (red x).

Sponsor

User name of the administrator or sponsor that created the guest account.

Account Type

Guest account type. Types include:

  • Guest: A visitor to your facility with limited or Internet-only network access.
  • Conference: A group of short- or long-term visitors to your organization who require identical but limited access to your network for typically one to five days.
  • Contractor: A temporary employee of your organization who may be granted all or limited network access for a specific time period generally defined in weeks or months.

Name

Guest's first and last name.

User

Guest's email account which is used as the user ID at login.

Starting
Start Date

Date and time (using a 24-hour clock format) the account will become active for the guest or contractor.

Ending
End Date

Date and time the account will expire.

Login Availability

Times during which the guest is permitted to access the network.

Role

Role is an attribute of a user or a host. It is used in user/host profiles as a filter when assigning network access policies, endpoint compliance policies, and Supplicant EasyConnect policies.

Authentication

Indicates type of authentication used. Options include: Local and LDAP. Guests typically use Local authentication.

Security & Access Value

Attribute assigned to a guest that can be used as a filter. Common values are Guest, Contractor or Visitor.

Account Duration

There are two methods that work together for determining the length of time a guest account is active. The shortest duration of the two is the one that is used to remove a guest account from the database.

  • Account Duration (Hours): Option included in the guest template to limit the time a guest account created with this template remains in the database. If this is blank, the guest account end date is used. The Account Duration starts only when the guest user first logs in. For example, you could create a guest account with a date range that spans one week and if the account duration was 24 hours, they would be able to log in for one 24 hour period any time during that week
  • Account End Date: Option included on the Add Guest Account dialog to determine the date on which the guest account expires. This field is required when a guest account is created.

Reauth Period

Number of hours the guest or contractor can access the network before reauthentication is required.

Last Modified By

User name of the last user to modify the guest account.

Last Modified Date

Date and time of the last modification to this guest account.

Right click menu options

Delete

To delete an account, select the account and click Delete. The account is deleted and will no longer show up in the created accounts window.

Modify

Change information in an existing guest or contractor account. This option also allows you to reset the information and reenter it.

To modify an account select the account you want to change and click Modify.

Conference accounts cannot be modified.

Reset Password

To reset an account password select the account and click Reset Password. The account password is automatically changed.

View

View additional account information such as passwords and guest or contractor phone numbers. Select an account and click View. This displays the Print, Send e-mail and Send SMS options for the selected account(s).

Send Email

Sends email to the selected guests containing their login information.

Send SMS

Sends a text message to the selected guests' mobile telephone containing their login information.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Select All

Selects all guest accounts displayed in the table.

Enable/Disable

Select the account and click Enable/Disable. The account status is changed. This is used to enable a guest account if a guest were to arrive earlier than expected.

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. This option displays only when Guest/Contractor accounts is accessed from the Users menu.