Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Administrators

The administrators view displays a list of existing system users. Use this window to add, modify or delete FortiNAC users. Administrators are also network users, therefore, FortiNAC also displays them in the Users View. If you are logged in as an administrator, you cannot delete the administrator account that you are using.

Administrators cannot select a different administrator profile for their own account. Use a second administrator account to access the administrator user and select a different administrator profile.

If there are more than 1000 administrators in the database, the users are not automatically displayed. Instead, a confirmation dialog is shown asking if you would like to continue. Note that large numbers of records may load very slowly if not filtered. Choose Yes to display all administrators or No to reduce the number displayed by using the filters.

Settings

Fields used in filters are also defined in this table.

Field

Definition

Add Filter

Allows you to select a field from the current view to filter information. Select the field from the drop-down list, and then enter the information you wish to filter. See Filters.

Update

Displays the filtered data in the table.

Administrators

User ID

Unique alphanumeric ID for this user. Required.

First Name

User's first name.

Last Name

User's last name. Required.

Admin Profile

Administrators must have an associated administrator profile that provides them with permissions for features in FortiNAC. Click the link in the administrators table for the selected user to go to the profile displayed. See Administrator profile.

Auth Type

Authentication method used for this administrator. Types include:

  • Local: Validates the user to a database on the local FortiNAC appliance.
  • LDAP: Validates the user to a directory database. FortiNAC uses the LDAP protocol to communicate to an organization’s directory.
  • RADIUS: Validates the user to a RADIUS server.

E-mail

E-mail address used to send system notifications associated with features such as alarms or profiled devices.

Phone

Optional demographic information.

Address

City

State

Postal Code

Title

Mobile Number

Mobile Phone number used for sending SMS messages to administrators.

Mobile Provider

Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@emai.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

User Expires

The user is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered when Aging is configured. The default setting for administrators is blank or Never Expire. Administrators may or may not have an expiration date depending on how the account was created. See Aging out host or user records and Set user expiration date.

Administrators assigned the System Administrator profile cannot be aged out.

User Inactivity Date

Controls the number of days a User is authorized on the network. User is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the information entered in the Days Inactive field. See Aging out host or user records.

User Inactivity Limit

Number of days the user must remain continuously inactive on the network to be removed from the database. See Aging out host or user records.

Last Login/Logout

Date of the last time the user logged into or out of the network or the FortiNAC admin UI. This date is used to count the number of days of inactivity.

Last Modified By

User name of the last user to modify the administrator.

Last Modified Date

Date and time of the last modification to this administrator.

Right click menu options

Copy

Copy the selected User to create a new record.

Delete

Deletes the selected User.

Group Membership

Displays groups in which the selected user is a member.

Administrators are also regular users, therefore, separate options are displayed for administrator groups and user groups. Options are Group Membership (User) and Group Membership (Administrator).

Groups

Displays groups in which the selected user is a member. See Group membership.

Modify

Opens the Modify User window for the selected profile.

Set Admin Profile

Allows you to modify the administrator profile for one or more users. This also allows you to remove the "Administrator" Profile for a user without the need to first delete and then recreate the user. See Modify an administrator profile

Set Expiration

Launches a tool to set the date and time for the user to age out of the database. See Set user expiration date.

Edit Theme

Opens the User Theme dialog and allows you to modify the look and feel of the user interface for each administrator.

Import/Export

Import and Export options allow you to import users into the database from a CSV file or export a list of selected hosts to CSV, Excel, PDF, or RTF formats. See Import an administrator and Export data.

Administrators

The administrators view displays a list of existing system users. Use this window to add, modify or delete FortiNAC users. Administrators are also network users, therefore, FortiNAC also displays them in the Users View. If you are logged in as an administrator, you cannot delete the administrator account that you are using.

Administrators cannot select a different administrator profile for their own account. Use a second administrator account to access the administrator user and select a different administrator profile.

If there are more than 1000 administrators in the database, the users are not automatically displayed. Instead, a confirmation dialog is shown asking if you would like to continue. Note that large numbers of records may load very slowly if not filtered. Choose Yes to display all administrators or No to reduce the number displayed by using the filters.

Settings

Fields used in filters are also defined in this table.

Field

Definition

Add Filter

Allows you to select a field from the current view to filter information. Select the field from the drop-down list, and then enter the information you wish to filter. See Filters.

Update

Displays the filtered data in the table.

Administrators

User ID

Unique alphanumeric ID for this user. Required.

First Name

User's first name.

Last Name

User's last name. Required.

Admin Profile

Administrators must have an associated administrator profile that provides them with permissions for features in FortiNAC. Click the link in the administrators table for the selected user to go to the profile displayed. See Administrator profile.

Auth Type

Authentication method used for this administrator. Types include:

  • Local: Validates the user to a database on the local FortiNAC appliance.
  • LDAP: Validates the user to a directory database. FortiNAC uses the LDAP protocol to communicate to an organization’s directory.
  • RADIUS: Validates the user to a RADIUS server.

E-mail

E-mail address used to send system notifications associated with features such as alarms or profiled devices.

Phone

Optional demographic information.

Address

City

State

Postal Code

Title

Mobile Number

Mobile Phone number used for sending SMS messages to administrators.

Mobile Provider

Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@emai.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

User Expires

The user is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered when Aging is configured. The default setting for administrators is blank or Never Expire. Administrators may or may not have an expiration date depending on how the account was created. See Aging out host or user records and Set user expiration date.

Administrators assigned the System Administrator profile cannot be aged out.

User Inactivity Date

Controls the number of days a User is authorized on the network. User is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the information entered in the Days Inactive field. See Aging out host or user records.

User Inactivity Limit

Number of days the user must remain continuously inactive on the network to be removed from the database. See Aging out host or user records.

Last Login/Logout

Date of the last time the user logged into or out of the network or the FortiNAC admin UI. This date is used to count the number of days of inactivity.

Last Modified By

User name of the last user to modify the administrator.

Last Modified Date

Date and time of the last modification to this administrator.

Right click menu options

Copy

Copy the selected User to create a new record.

Delete

Deletes the selected User.

Group Membership

Displays groups in which the selected user is a member.

Administrators are also regular users, therefore, separate options are displayed for administrator groups and user groups. Options are Group Membership (User) and Group Membership (Administrator).

Groups

Displays groups in which the selected user is a member. See Group membership.

Modify

Opens the Modify User window for the selected profile.

Set Admin Profile

Allows you to modify the administrator profile for one or more users. This also allows you to remove the "Administrator" Profile for a user without the need to first delete and then recreate the user. See Modify an administrator profile

Set Expiration

Launches a tool to set the date and time for the user to age out of the database. See Set user expiration date.

Edit Theme

Opens the User Theme dialog and allows you to modify the look and feel of the user interface for each administrator.

Import/Export

Import and Export options allow you to import users into the database from a CSV file or export a list of selected hosts to CSV, Excel, PDF, or RTF formats. See Import an administrator and Export data.