Add or modify a policy
- Select Policy > Policy Configuration.
- Select Authentication.
- Click Add or select an existing policy and click Modify.
- Enter a name for the policy.
- Use the settings below to configure the new authentication policy.
- Click OK to save your policy.
Settings
Field | Definition |
---|---|
Name | Enter a name that describes the policy configuration. |
Authentication Method | When enabled, the selected authentication method will override all other authentication methods configured in the portal, guest/contractor template, and Persistent Agent credential configuration. |
Invalid Credentials Message | Enables you to modify the error message displayed in the portal and Persistent Agent when a user fails to successfully authenticate. |
Enable Authentication | When enabled, the user is authenticated against a directory, the FortiNAC database, or a RADIUS server when logging on to access the network. |
Time in Production before Authentication | When a user is waiting to authenticate, the host remains in the production VLAN until this time expires. If the user fails to authenticate within the time specified, the host is moved to the authentication VLAN. |
Time Offline before Deauthentication | Once the host is offline, the user will remain authenticated for this period of time. If the host comes back online before the time period ends, the user will not need to re-authenticate. If the host comes back online after the time period ends, the user will be required to re-authenticate. Hosts that don't match a user/host profile that is associated with an authentication policy configuration will be deauthenticated after the system default time of 10 minutes. To ensure that all hosts get an authentication policy, create a catch-all user/host profile and associate it with an authentication configuration. |
Reauthentication Frequency | When set, this forces users to re-authenticate after the amount of time defined in this field passes since the last authentication, regardless of the host's state. The host is moved to the authentication VLAN. |
Note | Allows users to enter additional information about the policy. |
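
The three timers in the table interact, so it helps to reason about them together before choosing values. The following is an added example, not FortiNAC code: a simplified Python model of the rules as the table states them. The `AuthPolicy` class, the function names, and the sample times are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# From the table: hosts that match no user/host profile tied to an
# authentication policy are deauthenticated after 10 minutes.
DEFAULT_OFFLINE_TIMEOUT = timedelta(minutes=10)


@dataclass
class AuthPolicy:
    """Hypothetical container mirroring three fields of the settings table."""
    time_in_production: timedelta          # Time in Production before Authentication
    time_offline: timedelta                # Time Offline before Deauthentication
    reauth_frequency: Optional[timedelta]  # Reauthentication Frequency (None = not set)


def must_reauthenticate(policy: Optional[AuthPolicy], last_auth: datetime,
                        went_offline: Optional[datetime], now: datetime) -> bool:
    """Return True if the user has to authenticate again at `now`.

    policy=None models a host that matched no authentication policy.
    went_offline=None models a host that has stayed online.
    """
    # Reauthentication Frequency counts from the last authentication,
    # regardless of whether the host is online or offline.
    if policy is not None and policy.reauth_frequency is not None:
        if now - last_auth >= policy.reauth_frequency:
            return True
    # The offline timer only matters once the host has gone offline.
    if went_offline is not None:
        limit = policy.time_offline if policy is not None else DEFAULT_OFFLINE_TIMEOUT
        return now - went_offline > limit
    return False


def vlan_while_waiting(policy: AuthPolicy, waiting_since: datetime, now: datetime) -> str:
    """VLAN of a host whose user has not yet authenticated."""
    if now - waiting_since < policy.time_in_production:
        return "production"      # unauthenticated host still has production access
    return "authentication"      # timer expired without a successful login


if __name__ == "__main__":
    # Constructed sample values, not recommended settings.
    p = AuthPolicy(timedelta(minutes=5), timedelta(hours=1), timedelta(hours=8))
    t0 = datetime(2024, 1, 1, 9, 0)
    print(must_reauthenticate(p, t0, t0 + timedelta(hours=2), t0 + timedelta(hours=2, minutes=30)))
    print(must_reauthenticate(None, t0, t0 + timedelta(hours=2), t0 + timedelta(hours=2, minutes=30)))
    print(vlan_while_waiting(p, t0, t0 + timedelta(minutes=6)))
```

The model makes two things visible: a host with no matching policy is held to the 10-minute default even when every configured policy is more generous, and Time in Production before Authentication is a window during which an unauthenticated host sits in the production VLAN.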