Fortinet black logo

Administration Guide

Add an administrator

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:75584
Download PDF

Add an administrator

If you are creating administrators to manage guests or devices, you must create an administrator who has the appropriate administrator profile associated. See Administrator profiles.

  1. Select Users > Admin Users.
  2. Select Add.
  3. Enter an alphanumeric User ID for the new administrator and click OK.

    As you enter the user ID, the network user database is checked to see if there is a current user with the same ID and a drop-down list of matching users is displayed.

    If you enter an ID that already exists as a regular network user, the network user and the administrator become the same person with a single account. This allows you to give a network user administrator privileges to help with some administrative tasks.

  4. Use the table of below for settings:

    Field

    Definition

    Authentication Type

    Authentication method used for this administrator. Types include:

    • Local: Validates the user to a database on the local FortiNAC appliance.
    • LDAP: Validates the user to a directory database. FortiNAC uses the LDAP protocol to communicate to an organization’s directory.
    • RADIUS: Validates the user to a RADIUS server.

    Admin Profile

    Profiles control permissions for administrators. See Administrator profiles.

    • Add: Opens the administrator profiles window allowing you to create a new profile without exiting the Add User window.
    • Modify: Allows you to modify the selected administrator profile. Note that modifications to the profile affect all administrators that have been assigned that profile.

    User ID

    Unique alphanumeric ID for this user.

    Password

    Password used for local authentication.

    If you authenticate users through LDAP or RADIUS, the password field is disabled and the user must log in with his LDAP or RADIUS password.

    First Name

    User's first name.

    Last Name

    User's last name.

    Address

    Optional demographic information.

    City

    State

    Zip/Postal Code

    Phone

    E-mail

    E-mail address used to send system notifications associated with features such as alarms or profiled devices. Also used to send guest self registration requests from guests requesting an account. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

    Title

    User's title, such as Mr. or Ms.

    Mobile Number

    Mobile Phone number used for sending SMS messages to administrators.

    Mobile Provider

    Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@email.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

    Notes

    Free form notes field for additional information.

    User Never Expires

    If enabled, administrators are never aged out of the database. The default is enabled.

    Note

    Administrators assigned the System Administrator profile cannot be aged out.

    Propagate Hosts

    The Propagate Hosts setting controls whether or not the record for the host owned by the user is copied to all managed FortiNAC appliances. This field is only displayed if the FortiNAC server is managed by a FortiNAC Control Manager.

  5. Click OK to save the new user.

Add an administrator

If you are creating administrators to manage guests or devices, you must create an administrator who has the appropriate administrator profile associated. See Administrator profiles.

  1. Select Users > Admin Users.
  2. Select Add.
  3. Enter an alphanumeric User ID for the new administrator and click OK.

    As you enter the user ID, the network user database is checked to see if there is a current user with the same ID and a drop-down list of matching users is displayed.

    If you enter an ID that already exists as a regular network user, the network user and the administrator become the same person with a single account. This allows you to give a network user administrator privileges to help with some administrative tasks.

  4. Use the table of below for settings:

    Field

    Definition

    Authentication Type

    Authentication method used for this administrator. Types include:

    • Local: Validates the user to a database on the local FortiNAC appliance.
    • LDAP: Validates the user to a directory database. FortiNAC uses the LDAP protocol to communicate to an organization’s directory.
    • RADIUS: Validates the user to a RADIUS server.

    Admin Profile

    Profiles control permissions for administrators. See Administrator profiles.

    • Add: Opens the administrator profiles window allowing you to create a new profile without exiting the Add User window.
    • Modify: Allows you to modify the selected administrator profile. Note that modifications to the profile affect all administrators that have been assigned that profile.

    User ID

    Unique alphanumeric ID for this user.

    Password

    Password used for local authentication.

    If you authenticate users through LDAP or RADIUS, the password field is disabled and the user must log in with his LDAP or RADIUS password.

    First Name

    User's first name.

    Last Name

    User's last name.

    Address

    Optional demographic information.

    City

    State

    Zip/Postal Code

    Phone

    E-mail

    E-mail address used to send system notifications associated with features such as alarms or profiled devices. Also used to send guest self registration requests from guests requesting an account. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

    Title

    User's title, such as Mr. or Ms.

    Mobile Number

    Mobile Phone number used for sending SMS messages to administrators.

    Mobile Provider

    Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@email.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

    Notes

    Free form notes field for additional information.

    User Never Expires

    If enabled, administrators are never aged out of the database. The default is enabled.

    Note

    Administrators assigned the System Administrator profile cannot be aged out.

    Propagate Hosts

    The Propagate Hosts setting controls whether or not the record for the host owned by the user is copied to all managed FortiNAC appliances. This field is only displayed if the FortiNAC server is managed by a FortiNAC Control Manager.

  5. Click OK to save the new user.