Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Add a guest kiosk profile

A kiosk allows visitors to your facility to create their own account. Guests have a maximum of 24 hours of access to your network, which may be only during certain hours of the day, or a pre-defined number of hours from when they log on. Guests may simply be queried for pre-defined contact data. In any case, at 11:59 PM each day, or after the allowed number of hours has elapsed, kiosk guest accounts expire.

All other profile options are disabled if kiosk mode is enabled, because guests creating their own accounts would not need access to other options.

For added security, sponsors should use a kiosk browser. Kiosk browsers block users from accessing other programs on the host or other web sites.

This procedure describes how to create a profile that gives a sponsor permission to manage a kiosk. A sponsor with kiosk mode enabled cannot access any of the regular FortiNAC windows. That user can log in to display the guest login web page and make it available on the kiosk PC.

To create a profile you must first be logged into your Administrator account.

  1. Click Users > Admin Profiles.
  2. Click Add. The Add Admin Profile screen appears with the General tab highlighted.
  3. On the General tab, enter a name for the profile, such as kiosk sponsor.
  4. Use the table below to fill out the settings.
  5. Under Manage Hosts and Ports select All.
  6. Select Enable Guest Kiosk.
  7. In the Kiosk Template field select a guest/contractor account template. All guest accounts created through the Kiosk will use this template.
  8. In the Kiosk Welcome Text field type the message that a guest will see when they create a guest account through the Kiosk.
  9. Click OK to save.
Settings

Field

Definition

Name

Enter a name that describes the profile, such as kiosk sponsor.

Logout After

User is logged out after this amount of time has elapsed without any activity in the user interface.

Login Availability

Specify when this sponsor can log into the network:

  • Always
  • Specify Time

The Specify Time option requires you to specify an hourly time range and the days of the week the sponsor can log in.

Manage Hosts And Ports

Restricts an administrator to a specific set of hosts or ports. The set is defined by host and port groups that are assigned to be managed by a specific group of administrators.

Any administrator that has a profile with this option enabled can only view and or modify a subset of the data in FortiNAC. Typically, this type of user would ONLY have the Manage Hosts & Ports permission set on the Permissions tab, therefore, this setting is not used frequently. Default = All.

  • All: All groups containing hosts and ports can be accessed.
  • Restrict By Groups: Enables the restriction of administrator
  • s to specific hosts and ports.

For an overview and additional setup information, see Limit access with groups.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC for an existing administrator profile record.

Enable Guest Kiosk

If you enable this mode, sponsors can log into FortiNAC to provide visitors self-serve account creation through a kiosk. For added security, use a kiosk browser. See Using a kiosk to read the sponsor’s procedure.

Sponsors with this profile cannot do anything except log into the Kiosk PC to display the Guest Login page. Sponsors who need to manually create visitor accounts cannot have Kiosk mode enabled.

Kiosk Template

Select a Kiosk template for this sponsor. All visitors who use the self-service Kiosk when this sponsor is logged in will be assigned this template.

Kiosk Welcome
Message

Enter the message that will appear when the kiosk user creates a guest account.

Add a guest kiosk profile

A kiosk allows visitors to your facility to create their own account. Guests have a maximum of 24 hours of access to your network, which may be only during certain hours of the day, or a pre-defined number of hours from when they log on. Guests may simply be queried for pre-defined contact data. In any case, at 11:59 PM each day, or after the allowed number of hours has elapsed, kiosk guest accounts expire.

All other profile options are disabled if kiosk mode is enabled, because guests creating their own accounts would not need access to other options.

For added security, sponsors should use a kiosk browser. Kiosk browsers block users from accessing other programs on the host or other web sites.

This procedure describes how to create a profile that gives a sponsor permission to manage a kiosk. A sponsor with kiosk mode enabled cannot access any of the regular FortiNAC windows. That user can log in to display the guest login web page and make it available on the kiosk PC.

To create a profile you must first be logged into your Administrator account.

  1. Click Users > Admin Profiles.
  2. Click Add. The Add Admin Profile screen appears with the General tab highlighted.
  3. On the General tab, enter a name for the profile, such as kiosk sponsor.
  4. Use the table below to fill out the settings.
  5. Under Manage Hosts and Ports select All.
  6. Select Enable Guest Kiosk.
  7. In the Kiosk Template field select a guest/contractor account template. All guest accounts created through the Kiosk will use this template.
  8. In the Kiosk Welcome Text field type the message that a guest will see when they create a guest account through the Kiosk.
  9. Click OK to save.
Settings

Field

Definition

Name

Enter a name that describes the profile, such as kiosk sponsor.

Logout After

User is logged out after this amount of time has elapsed without any activity in the user interface.

Login Availability

Specify when this sponsor can log into the network:

  • Always
  • Specify Time

The Specify Time option requires you to specify an hourly time range and the days of the week the sponsor can log in.

Manage Hosts And Ports

Restricts an administrator to a specific set of hosts or ports. The set is defined by host and port groups that are assigned to be managed by a specific group of administrators.

Any administrator that has a profile with this option enabled can only view and or modify a subset of the data in FortiNAC. Typically, this type of user would ONLY have the Manage Hosts & Ports permission set on the Permissions tab, therefore, this setting is not used frequently. Default = All.

  • All: All groups containing hosts and ports can be accessed.
  • Restrict By Groups: Enables the restriction of administrator
  • s to specific hosts and ports.

For an overview and additional setup information, see Limit access with groups.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC for an existing administrator profile record.

Enable Guest Kiosk

If you enable this mode, sponsors can log into FortiNAC to provide visitors self-serve account creation through a kiosk. For added security, use a kiosk browser. See Using a kiosk to read the sponsor’s procedure.

Sponsors with this profile cannot do anything except log into the Kiosk PC to display the Guest Login page. Sponsors who need to manually create visitor accounts cannot have Kiosk mode enabled.

Kiosk Template

Select a Kiosk template for this sponsor. All visitors who use the self-service Kiosk when this sponsor is logged in will be assigned this template.

Kiosk Welcome
Message

Enter the message that will appear when the kiosk user creates a guest account.