Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Administrator profiles

Administrator profiles are templates assigned to administrators to define what a user can do in FortiNAC. Every administrator is required to have an administrator profile. An administrator profile can be assigned to more than one administrator.

Each administrator profile contains a list of permissions that are inherited by the associated administrators. Permissions configured in administrator profiles control the views in FortiNAC that can be accessed. If permission for access is given, in most cases, the administrator can Add/Modify and Delete data.

Note

If an administrator profile that is in use is changed, the changes do not take effect until the associated administrators log out of FortiNAC and log in again.

Custom setting

For special functions such as guest manager or device profiler there are Advanced permissions. Advanced permissions control items such as the guest account templates that can be used by someone with permission for guest/contractor accounts.

Landing page

Administrator profiles also designate the first screen or landing page displayed when the administrator logs into FortiNAC, days and times that users can log in and the number of minutes of inactivity that trigger an automatic logout. Due to the complexity of the permissions structure, it is recommended that you define the job functions of your administrators to ensure that you have considered the permissions required for each administrator profile.

Profile mapping

Administrator profiles can be mapped to groups to automatically assign a profile to administrators as they are added to selected groups. Note that if administrator profile mapping is configured, moving an administrator to a group that is mapped changes their profile to the profile for the group. See Mappings process for additional information.

System Administrator

The System Administrator profile is a default system profile that cannot be copied, deleted or renamed. This is the only profile that has access to every view in FortiNAC including. See Default administrator profiles.

Settings

Field

Definition

Name

User specified name for the profile. This name is displayed in the administrator window when you are attaching the profile to an administrator.

Inactivity Time

User is logged out after this amount of time has elapsed without any activity.

Login Availability

Indicates when users with this profile can log in to FortiNAC. Options include: Always or Specify Time. If you choose Specify Time, the user is limited to certain times of day and days of the week.

Landing Page

Indicates the first view displayed when an administrator with this profile logs into FortiNAC.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC

Lock Out After Attempts

Indicates the number of allowed login attempts before the user is locked out.

Lock Out Duration

Indicates the amount of time a user is locked out before another login attempt in allowed.

Last Modified By

User name of the last user to modify the profile.

Last Modified Date

Date and time of the last modification to this profile.

Right click options

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Copy

Copy the selected Profile to create a new record. The Administrator Profile cannot be copied.

Delete

Deletes the selected Profile. Profiles cannot be deleted if they are in use. The Administrator Profile can never be deleted.

Modify

Opens the Modify Admin Profile window for the selected profile. On the administrator profile, only the Inactivity Time can be modified.

In Use

Opens a list of administrators that have the selected profile attached.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Administrator profiles

Administrator profiles are templates assigned to administrators to define what a user can do in FortiNAC. Every administrator is required to have an administrator profile. An administrator profile can be assigned to more than one administrator.

Each administrator profile contains a list of permissions that are inherited by the associated administrators. Permissions configured in administrator profiles control the views in FortiNAC that can be accessed. If permission for access is given, in most cases, the administrator can Add/Modify and Delete data.

Note

If an administrator profile that is in use is changed, the changes do not take effect until the associated administrators log out of FortiNAC and log in again.

Custom setting

For special functions such as guest manager or device profiler there are Advanced permissions. Advanced permissions control items such as the guest account templates that can be used by someone with permission for guest/contractor accounts.

Landing page

Administrator profiles also designate the first screen or landing page displayed when the administrator logs into FortiNAC, days and times that users can log in and the number of minutes of inactivity that trigger an automatic logout. Due to the complexity of the permissions structure, it is recommended that you define the job functions of your administrators to ensure that you have considered the permissions required for each administrator profile.

Profile mapping

Administrator profiles can be mapped to groups to automatically assign a profile to administrators as they are added to selected groups. Note that if administrator profile mapping is configured, moving an administrator to a group that is mapped changes their profile to the profile for the group. See Mappings process for additional information.

System Administrator

The System Administrator profile is a default system profile that cannot be copied, deleted or renamed. This is the only profile that has access to every view in FortiNAC including. See Default administrator profiles.

Settings

Field

Definition

Name

User specified name for the profile. This name is displayed in the administrator window when you are attaching the profile to an administrator.

Inactivity Time

User is logged out after this amount of time has elapsed without any activity.

Login Availability

Indicates when users with this profile can log in to FortiNAC. Options include: Always or Specify Time. If you choose Specify Time, the user is limited to certain times of day and days of the week.

Landing Page

Indicates the first view displayed when an administrator with this profile logs into FortiNAC.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC

Lock Out After Attempts

Indicates the number of allowed login attempts before the user is locked out.

Lock Out Duration

Indicates the amount of time a user is locked out before another login attempt in allowed.

Last Modified By

User name of the last user to modify the profile.

Last Modified Date

Date and time of the last modification to this profile.

Right click options

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Copy

Copy the selected Profile to create a new record. The Administrator Profile cannot be copied.

Delete

Deletes the selected Profile. Profiles cannot be deleted if they are in use. The Administrator Profile can never be deleted.

Modify

Opens the Modify Admin Profile window for the selected profile. On the administrator profile, only the Inactivity Time can be modified.

In Use

Opens a list of administrators that have the selected profile attached.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.