Fortinet black logo

Administration Guide

Add or modify a user

Copy Link
Copy Doc ID dc02a854-ab11-11ea-8b7d-00505692583a:935940
Download PDF

Add or modify a user

User records are created as users connect to the network and register. Users can be added by importing them in a file or by entering the data manually. See Import and export data. The Add or Modify User feature allows you to create new users or edit existing ones.

  1. Select Users > User View.
  2. Click Add.
  3. In the Enter User ID window type a unique alphanumeric ID for this user. If you are using a directory for authentication, enter the user ID from the directory. This allows FortiNAC to synchronize its database with the directory and update user data.
  4. Click OK. FortiNAC verifies that the user ID is in the directory and populates fields that have existing data in the directory, such as First and Last Name.
  5. If the user is not in the directory, you can still add the user, but FortiNAC assumes that this user will authenticate locally and asks you for a password for the user.
  6. To modify an existing user, use the search or filter mechanisms on the User View to locate the appropriate user.
  7. Click on the user to select it.
  8. Click Modify.
  9. See the table below for detailed information on each field.
  10. Click OK to save your data.
Settings

Field

Definitions

Required fields

User ID

Change Password

Allows you to change the password for this user. Users who authenticate through the directory will not have a Change Password button. Only users who are locally authenticated by FortiNAC have a change password option.

First Name
Last Name

User's name as it is retrieved from the directory. If you are using a directory, these fields are updated every time the directory is re-synchronized with the database. If you are not using a directory, enter the user's first and last name.

Role

Roles are attributes of users and can be used as filters in user/host profiles. These profiles are used to determine which network access policy, endpoint compliance policy or Supplicant EasyConnect Policy is applied.

Additional info

Address

User's address of residence.

City

User's city of residence.

State

Two letter abbreviation for state of residence.

Zip/Postal Code

Postal code for the user's city and state of residence.

Email

User's email address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

Title

This can be a form of address, such a as Mr., or a title within the organization.

Mobile Number

Mobile Phone number used for sending SMS messages to guests and administrators.

Mobile Provider

Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to guests and administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@emai.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

Allowed Hosts

The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total.

If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single host with up to five adapters counts as one host.

If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one host with two network adapters would be counted as two hosts.

Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used. See Network device.

If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user.

Global Default

Default number of Allowed Hosts used if the Allowed Hosts field is empty. The default is set in System > Settings > User/Host Management > Allowed Hosts.

Notes

Free form notes entered by the Administrator.

Security and Access Attribute Value

This value is an attribute of users and can be used as a filter in user/host profiles. These profiles are used to determine which network access policy, endpoint compliance policy or Supplicant EasyConnect Policy is applied. If a directory is in use, the Security and Access Attribute value comes from the directory when it is synchronized with the database. Otherwise the value can be entered manually.

Add or modify a user

User records are created as users connect to the network and register. Users can be added by importing them in a file or by entering the data manually. See Import and export data. The Add or Modify User feature allows you to create new users or edit existing ones.

  1. Select Users > User View.
  2. Click Add.
  3. In the Enter User ID window type a unique alphanumeric ID for this user. If you are using a directory for authentication, enter the user ID from the directory. This allows FortiNAC to synchronize its database with the directory and update user data.
  4. Click OK. FortiNAC verifies that the user ID is in the directory and populates fields that have existing data in the directory, such as First and Last Name.
  5. If the user is not in the directory, you can still add the user, but FortiNAC assumes that this user will authenticate locally and asks you for a password for the user.
  6. To modify an existing user, use the search or filter mechanisms on the User View to locate the appropriate user.
  7. Click on the user to select it.
  8. Click Modify.
  9. See the table below for detailed information on each field.
  10. Click OK to save your data.
Settings

Field

Definitions

Required fields

User ID

Change Password

Allows you to change the password for this user. Users who authenticate through the directory will not have a Change Password button. Only users who are locally authenticated by FortiNAC have a change password option.

First Name
Last Name

User's name as it is retrieved from the directory. If you are using a directory, these fields are updated every time the directory is re-synchronized with the database. If you are not using a directory, enter the user's first and last name.

Role

Roles are attributes of users and can be used as filters in user/host profiles. These profiles are used to determine which network access policy, endpoint compliance policy or Supplicant EasyConnect Policy is applied.

Additional info

Address

User's address of residence.

City

User's city of residence.

State

Two letter abbreviation for state of residence.

Zip/Postal Code

Postal code for the user's city and state of residence.

Email

User's email address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

Title

This can be a form of address, such a as Mr., or a title within the organization.

Mobile Number

Mobile Phone number used for sending SMS messages to guests and administrators.

Mobile Provider

Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to guests and administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@emai.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

Allowed Hosts

The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total.

If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single host with up to five adapters counts as one host.

If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one host with two network adapters would be counted as two hosts.

Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used. See Network device.

If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user.

Global Default

Default number of Allowed Hosts used if the Allowed Hosts field is empty. The default is set in System > Settings > User/Host Management > Allowed Hosts.

Notes

Free form notes entered by the Administrator.

Security and Access Attribute Value

This value is an attribute of users and can be used as a filter in user/host profiles. These profiles are used to determine which network access policy, endpoint compliance policy or Supplicant EasyConnect Policy is applied. If a directory is in use, the Security and Access Attribute value comes from the directory when it is synchronized with the database. Otherwise the value can be entered manually.