Fortinet black logo

Administration Guide

Create guest/contractor accounts

Copy Link
Copy Doc ID dc02a854-ab11-11ea-8b7d-00505692583a:634151
Download PDF

Create guest/contractor accounts

Guest manager allows administrators with sponsor administrator profiles to create and manage guest or contractor accounts. This helps to:

  • Free IT staff from the daily burden of creating accounts for visiting users.
  • Ensure that guest and contractor accounts get created ahead of time so they do not have to wait for their accounts to be created when they arrive.

To set up accounts for guests or contractors before they arrive at your organization:

  1. Log into your sponsor account.
  2. The Guest/Contractor Accounts window is displayed. Administrators select Users > Guest/Contractor Accounts.
  3. Click Add to open a new screen.
  4. Click Single Account. Enter the information described below in Create guest/contractor accounts.

    E-mail Address, Start and End dates are required. Additional personal information about the guest or contractor is optional. If the additional personal information is blank, the guest or contractor is prompted to fill in those fields before logging into the network.

    If Send SMS is enabled in the template, then Mobile Number and Mobile Provider are also required to allow you to send a message to the guest's mobile telephone.

  5. Click OK. The View Accounts screen opens with the account information in it. See Provide login information.
  6. Click Print or Send e-mail or Send SMS to provide account information and password to the guest or contractor, or Close. These options are visible to you depending on the privileges you have in your profile. Additional text can be added to the printout or email by typing the text into the Notes tab on the guest/contractor template before creating the account. See Create templates.

Guests also display on the user view. See User View.

Settings

Field

Definition

Template

Click the down arrow on the Template box and select the type of template you want to use for the account.

Information required to create account

E-mail

Enter the E-mail address of the guest or contractor. This is the only personal information you are required to enter.

Password

A password is automatically generated for this guest. Click Generate Password to generate a new password if necessary or enter a password manually. Password must meet the minimum length designated in the selected guest template.

Note

FortiNAC does not recognize or restrict system-generated passwords that may be offensive.

Note

If LDAP is specified as the authentication method in the selected guest template, the Password field is not displayed.

Account Start Date

Click the calendar icon to the right to select a date or enter the date and time (using a 24-hour clock format) the account will become active for the guest or contractor.

Account End Date

Click the calendar icon to the right to select a date or enter the date and time (using a 24-hour clock format) the account will expire. At that time, the guest or contractor will no longer be able to access the network.

This defaults to the date and time calculated based on the number of hours entered in the Account Duration field in the guest template. If this field is empty, no account duration has been entered in the guest template. Administrators that have an administrator profile with custom guest/contractor account permissions will be restricted to choosing an end date that is within the bounds of the "Create accounts active for days (maximum)" setting as defined in the administrator profile. For example, if your administrator profile has a "Create accounts active for days" set to 20, you will not be able to choose an end date that is more than 20 days ahead of the chosen start date.

This date sets the user expiration date for the guest. The host registered to this guest inherits the setting for registered hosts in Global Aging. When the user expires, both the user and host are removed from the database. If the host expires first, then only the host is removed from the database.

There are two methods that work together for determining the length of time a guest account is active. The shortest duration of the two is the one that is used to remove a guest account from the database.

Account Duration (Hours): Option included in the guest template to limit the time a guest account created with this template remains in the database. If this is blank, the guest account end date is used. The Account Duration starts only when the guest user first logs in. For example, you could create a guest account with a date range that spans one week and if the account duration was 24 hours, they would be able to log in for one 24 hour period any time during that week

Account End Date: Option included on the Add Guest Account dialog to determine the date on which the guest account expires. This field is required when a guest account is created.

Additional account information

First Name

The guest or contractor’s required personal data and the fields below may be entered by the sponsor before the arrival of the guests, or may be left for the individual guests to fill out themselves.

The Required Fields under the Additional Account Information heading are designated with an asterisk (*). These fields must be filled in before the guest or contractor will be granted network access.

Last Name

Address

City

State

Country

Zip/Postal Code

Phone

Asset

The computer serial number, manufacturer’s name, and model number, or any other asset identifier of the guest or contractor’s computing platform. There may be other Administrator-defined fields here as well, such as license plate. This field has a maximum length of 80.

Reporting To

In this example, these fields were added when the template was created and marked as Required.

Department

Create guest/contractor accounts

Guest manager allows administrators with sponsor administrator profiles to create and manage guest or contractor accounts. This helps to:

  • Free IT staff from the daily burden of creating accounts for visiting users.
  • Ensure that guest and contractor accounts get created ahead of time so they do not have to wait for their accounts to be created when they arrive.

To set up accounts for guests or contractors before they arrive at your organization:

  1. Log into your sponsor account.
  2. The Guest/Contractor Accounts window is displayed. Administrators select Users > Guest/Contractor Accounts.
  3. Click Add to open a new screen.
  4. Click Single Account. Enter the information described below in Create guest/contractor accounts.

    E-mail Address, Start and End dates are required. Additional personal information about the guest or contractor is optional. If the additional personal information is blank, the guest or contractor is prompted to fill in those fields before logging into the network.

    If Send SMS is enabled in the template, then Mobile Number and Mobile Provider are also required to allow you to send a message to the guest's mobile telephone.

  5. Click OK. The View Accounts screen opens with the account information in it. See Provide login information.
  6. Click Print or Send e-mail or Send SMS to provide account information and password to the guest or contractor, or Close. These options are visible to you depending on the privileges you have in your profile. Additional text can be added to the printout or email by typing the text into the Notes tab on the guest/contractor template before creating the account. See Create templates.

Guests also display on the user view. See User View.

Settings

Field

Definition

Template

Click the down arrow on the Template box and select the type of template you want to use for the account.

Information required to create account

E-mail

Enter the E-mail address of the guest or contractor. This is the only personal information you are required to enter.

Password

A password is automatically generated for this guest. Click Generate Password to generate a new password if necessary or enter a password manually. Password must meet the minimum length designated in the selected guest template.

Note

FortiNAC does not recognize or restrict system-generated passwords that may be offensive.

Note

If LDAP is specified as the authentication method in the selected guest template, the Password field is not displayed.

Account Start Date

Click the calendar icon to the right to select a date or enter the date and time (using a 24-hour clock format) the account will become active for the guest or contractor.

Account End Date

Click the calendar icon to the right to select a date or enter the date and time (using a 24-hour clock format) the account will expire. At that time, the guest or contractor will no longer be able to access the network.

This defaults to the date and time calculated based on the number of hours entered in the Account Duration field in the guest template. If this field is empty, no account duration has been entered in the guest template. Administrators that have an administrator profile with custom guest/contractor account permissions will be restricted to choosing an end date that is within the bounds of the "Create accounts active for days (maximum)" setting as defined in the administrator profile. For example, if your administrator profile has a "Create accounts active for days" set to 20, you will not be able to choose an end date that is more than 20 days ahead of the chosen start date.

This date sets the user expiration date for the guest. The host registered to this guest inherits the setting for registered hosts in Global Aging. When the user expires, both the user and host are removed from the database. If the host expires first, then only the host is removed from the database.

There are two methods that work together for determining the length of time a guest account is active. The shortest duration of the two is the one that is used to remove a guest account from the database.

Account Duration (Hours): Option included in the guest template to limit the time a guest account created with this template remains in the database. If this is blank, the guest account end date is used. The Account Duration starts only when the guest user first logs in. For example, you could create a guest account with a date range that spans one week and if the account duration was 24 hours, they would be able to log in for one 24 hour period any time during that week

Account End Date: Option included on the Add Guest Account dialog to determine the date on which the guest account expires. This field is required when a guest account is created.

Additional account information

First Name

The guest or contractor’s required personal data and the fields below may be entered by the sponsor before the arrival of the guests, or may be left for the individual guests to fill out themselves.

The Required Fields under the Additional Account Information heading are designated with an asterisk (*). These fields must be filled in before the guest or contractor will be granted network access.

Last Name

Address

City

State

Country

Zip/Postal Code

Phone

Asset

The computer serial number, manufacturer’s name, and model number, or any other asset identifier of the guest or contractor’s computing platform. There may be other Administrator-defined fields here as well, such as license plate. This field has a maximum length of 80.

Reporting To

In this example, these fields were added when the template was created and marked as Required.

Department