Fortinet black logo

Administration Guide

Guest accounts

Copy Link
Copy Doc ID dc02a854-ab11-11ea-8b7d-00505692583a:444353
Download PDF

Guest accounts

This option allows you to create accounts for guests visiting your facility. It provides a user name and password for each guest. Guests are authenticated through FortiNAC. Administrators, operators, and help desk users all have permission to create guest accounts.

The guest account option is not available if you are using the guest manager feature. The guest manager feature provides extensive guest creation and management options.

Add a guest account

Guest accounts can be viewed and modified in the Users View. Guest accounts are provided with a default Security and Access value of "guest" allowing you to use this as a filter for user/host profiles. When a guest matches a profile the guest receives the endpoint compliance policy associated with that profile. You can use the same user/host profile to assign a network access policy and assign guest hosts to a VLAN. See Endpoint compliance policies and Network access policies for additional information.

  1. Select Bookmarks > Guest Account. If you do not see a guest account option, it may be because the guest manager feature is enabled.
  2. Enter the guest's First and Last names. The Last Name field is the guest's user name at login and is required.
  3. Enter an ID. This field is required.
  4. Enter a Password. This field is required.
  5. Select the number of days this account will be valid from the Days Valid drop-down. Options are 1, 7 or 28. This controls the number of days that the guest record remains in the database. After the selected number of days has elapsed the guest's record is deleted.
  6. The information in the Additional Information section of the window is optional. Complete any fields required by your organization.
  7. Click Apply to save the guest account.

When a guest connects to the network and reaches the login page, the last name is used as the user name. If you are using the Version 1 Portal pages, you can edit the .html files directly to modify the labels on the fields on the login page. If you have disabled the Version 1 Portal pages and are using the portal pages that shipped with FortiNAC, the field labels can be modified using the content editor in the portal configuration window.

Portal page requirements

If you are using your Version 1 Portal pages and you already have guest pages set up, you do not need to make any modifications. If you have disabled the Version 1 Portal pages and chose to use the Portal pages provided with FortiNAC, there are a few fields that must be edited to allow guests to login using accounts created with the Guest Account tab on the dashboard. These options do not apply to guest accounts created with guest manager.

Note

If you are using local authentication for guests, do not enable the First Name and Last Name fields on the Custom Login Form. Information entered by guests at login in these fields is added to the database and will modify their authentication credentials. Guests would no longer be able to log in with their original credentials.

Configure guest login

The Guest Login designated in the portal configuration content editor is used to configure settings for guest manager. If you are not using guest manager you must disable that login and enable the custom registration login.

  1. Select System > Portal Configuration.
  2. Click the Show Advanced Settings check box to display all of the configuration tabs.
  3. Click on the Content Editor tab.
  4. Click on Registration.
  5. Click on Login Menu. The properties for that page are displayed in the right pane.
  6. Scroll down to the Guest Login Enabled check box and remove the check mark.
  7. Scroll to the Custom Registration Enabled check box and mark it with a check mark.
  8. Scroll to the Custom Registration Link Text field and enter the text for the link to the guest login page, such as guest login or guest registration.
  9. Scroll to the Custom Registration Title field and enter the text that should display above the link to the guest login page.
  10. Click Apply to save your changes. When changes are made to the portal pages there is a delay before the changes are displayed.

Configure guest authentication

  1. Select System > Portal Configuration.
  2. Click the Show Advanced Settings check box to display all of the configuration tabs.
  3. Click on the Content Editor tab.
  4. Click on Global in the left hand pane to expand it.
  5. Click on Settings within Global. The properties for that page are displayed in the right pane.
  6. Scroll down to Custom Login Type and select Local from the drop-down menu.
  7. Click Apply to save your changes. When changes are made to the portal pages there is a delay before the changes are displayed.

Modify user name field label

When guest accounts are created, the guest's last name is considered the User Name for login. The Login page asks for User Name and Password. You can either advise your guests that their last name is their user name or you can modify the Login page and set the label appropriately.

  1. Select System > Portal Configuration.
  2. Click the Show Advanced Settings check box to display all of the configuration tabs.
  3. Click on the Content Editor tab.
  4. Click on Registration.
  5. Click on Custom Login Form. The properties for that page are displayed in the right pane.
  6. Scroll to the User Name Field Label field and change the label to Last Name or some other user-specified name.
  7. Click Apply to save your changes. When changes are made to the portal pages there is a delay before the changes are displayed.

Guest accounts

This option allows you to create accounts for guests visiting your facility. It provides a user name and password for each guest. Guests are authenticated through FortiNAC. Administrators, operators, and help desk users all have permission to create guest accounts.

The guest account option is not available if you are using the guest manager feature. The guest manager feature provides extensive guest creation and management options.

Add a guest account

Guest accounts can be viewed and modified in the Users View. Guest accounts are provided with a default Security and Access value of "guest" allowing you to use this as a filter for user/host profiles. When a guest matches a profile the guest receives the endpoint compliance policy associated with that profile. You can use the same user/host profile to assign a network access policy and assign guest hosts to a VLAN. See Endpoint compliance policies and Network access policies for additional information.

  1. Select Bookmarks > Guest Account. If you do not see a guest account option, it may be because the guest manager feature is enabled.
  2. Enter the guest's First and Last names. The Last Name field is the guest's user name at login and is required.
  3. Enter an ID. This field is required.
  4. Enter a Password. This field is required.
  5. Select the number of days this account will be valid from the Days Valid drop-down. Options are 1, 7 or 28. This controls the number of days that the guest record remains in the database. After the selected number of days has elapsed the guest's record is deleted.
  6. The information in the Additional Information section of the window is optional. Complete any fields required by your organization.
  7. Click Apply to save the guest account.

When a guest connects to the network and reaches the login page, the last name is used as the user name. If you are using the Version 1 Portal pages, you can edit the .html files directly to modify the labels on the fields on the login page. If you have disabled the Version 1 Portal pages and are using the portal pages that shipped with FortiNAC, the field labels can be modified using the content editor in the portal configuration window.

Portal page requirements

If you are using your Version 1 Portal pages and you already have guest pages set up, you do not need to make any modifications. If you have disabled the Version 1 Portal pages and chose to use the Portal pages provided with FortiNAC, there are a few fields that must be edited to allow guests to login using accounts created with the Guest Account tab on the dashboard. These options do not apply to guest accounts created with guest manager.

Note

If you are using local authentication for guests, do not enable the First Name and Last Name fields on the Custom Login Form. Information entered by guests at login in these fields is added to the database and will modify their authentication credentials. Guests would no longer be able to log in with their original credentials.

Configure guest login

The Guest Login designated in the portal configuration content editor is used to configure settings for guest manager. If you are not using guest manager you must disable that login and enable the custom registration login.

  1. Select System > Portal Configuration.
  2. Click the Show Advanced Settings check box to display all of the configuration tabs.
  3. Click on the Content Editor tab.
  4. Click on Registration.
  5. Click on Login Menu. The properties for that page are displayed in the right pane.
  6. Scroll down to the Guest Login Enabled check box and remove the check mark.
  7. Scroll to the Custom Registration Enabled check box and mark it with a check mark.
  8. Scroll to the Custom Registration Link Text field and enter the text for the link to the guest login page, such as guest login or guest registration.
  9. Scroll to the Custom Registration Title field and enter the text that should display above the link to the guest login page.
  10. Click Apply to save your changes. When changes are made to the portal pages there is a delay before the changes are displayed.

Configure guest authentication

  1. Select System > Portal Configuration.
  2. Click the Show Advanced Settings check box to display all of the configuration tabs.
  3. Click on the Content Editor tab.
  4. Click on Global in the left hand pane to expand it.
  5. Click on Settings within Global. The properties for that page are displayed in the right pane.
  6. Scroll down to Custom Login Type and select Local from the drop-down menu.
  7. Click Apply to save your changes. When changes are made to the portal pages there is a delay before the changes are displayed.

Modify user name field label

When guest accounts are created, the guest's last name is considered the User Name for login. The Login page asks for User Name and Password. You can either advise your guests that their last name is their user name or you can modify the Login page and set the label appropriately.

  1. Select System > Portal Configuration.
  2. Click the Show Advanced Settings check box to display all of the configuration tabs.
  3. Click on the Content Editor tab.
  4. Click on Registration.
  5. Click on Custom Login Form. The properties for that page are displayed in the right pane.
  6. Scroll to the User Name Field Label field and change the label to Last Name or some other user-specified name.
  7. Click Apply to save your changes. When changes are made to the portal pages there is a delay before the changes are displayed.