Fortinet black logo

Administration Guide

Credential configuration

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:418910
Download PDF

Credential configuration

Configure how credentials are verified for hosts who use the Persistent Agent.

  1. Click System > Settings.
  2. Do one of the following:
    1. In folder view, expand Persistent Agent and select Credential Configuration from the tree.
    2. In flat view, select Credential Configuration - Persistent Agent.
  3. Use the table below to configure Persistent Agent Credentials and click Save Settings.
Settings

Field

Definition

Enable Registration

If checked, any unregistered (rogue) hosts who use the Persistent Agent will be registered by the agent. Typically this is disabled when rogues are being registered by the device profiler. There is a method in device profiler that detects the presence of the Persistent Agent and can use that in combination with other criteria to register the host.

When this option is unchecked, Register as Device and Authentication Type are disabled.

Register As Device

If checked, all unregistered (rogue) hosts who use the Persistent Agent are registered automatically when they connect to the network. Then name of the host is entered in the ID field in the host record.

If unchecked, all unregistered (rogue) hosts who use the Persistent Agent are presented with a login screen to enter their credentials. The credentials are verified with the method selected in the Authentication Type field.

Authentication Type

The method used to verify the user credentials for access to the network: Local, LDAP, RADIUS or RADIUS/LDAP.

The RADIUS/LDAP option indicates that the user is being authenticated by a RADIUS server but registered based on data in an LDAP server. If the user is successfully authenticated by the RADIUS server but does not exist in the LDAP database, FortiNAC will still create the user record in its own database.

The authentication type selected must match the authentication method selected in the portal configuration window.

Google authentication for the Persistent Agent is not supported.

Credential configuration

Configure how credentials are verified for hosts who use the Persistent Agent.

  1. Click System > Settings.
  2. Do one of the following:
    1. In folder view, expand Persistent Agent and select Credential Configuration from the tree.
    2. In flat view, select Credential Configuration - Persistent Agent.
  3. Use the table below to configure Persistent Agent Credentials and click Save Settings.
Settings

Field

Definition

Enable Registration

If checked, any unregistered (rogue) hosts who use the Persistent Agent will be registered by the agent. Typically this is disabled when rogues are being registered by the device profiler. There is a method in device profiler that detects the presence of the Persistent Agent and can use that in combination with other criteria to register the host.

When this option is unchecked, Register as Device and Authentication Type are disabled.

Register As Device

If checked, all unregistered (rogue) hosts who use the Persistent Agent are registered automatically when they connect to the network. Then name of the host is entered in the ID field in the host record.

If unchecked, all unregistered (rogue) hosts who use the Persistent Agent are presented with a login screen to enter their credentials. The credentials are verified with the method selected in the Authentication Type field.

Authentication Type

The method used to verify the user credentials for access to the network: Local, LDAP, RADIUS or RADIUS/LDAP.

The RADIUS/LDAP option indicates that the user is being authenticated by a RADIUS server but registered based on data in an LDAP server. If the user is successfully authenticated by the RADIUS server but does not exist in the LDAP database, FortiNAC will still create the user record in its own database.

The authentication type selected must match the authentication method selected in the portal configuration window.

Google authentication for the Persistent Agent is not supported.