Administration Guide

Credential configuration

Configure how credentials are verified for hosts who use the Persistent Agent.

  1. Click System > Settings.
  2. Do one of the following:
    1. In folder view, expand Persistent Agent and select Credential Configuration from the tree.
    2. In flat view, select Credential Configuration - Persistent Agent.
  3. Use the table below to configure Persistent Agent Credentials and click Save Settings.
Settings

Field

Definition

Enable Registration

If checked, any unregistered (rogue) hosts who use the Persistent Agent will be registered by the agent. Typically this is disabled when rogues are being registered by the device profiler. There is a method in device profiler that detects the presence of the Persistent Agent and can use that in combination with other criteria to register the host.

When this option is unchecked, Register As Device and Authentication Type are disabled.

Register As Device

If checked, all unregistered (rogue) hosts who use the Persistent Agent are registered automatically when they connect to the network. The name of the host is entered in the ID field in the host record.

If unchecked, all unregistered (rogue) hosts who use the Persistent Agent are presented with a login screen to enter their credentials. The credentials are verified with the method selected in the Authentication Type field.

Authentication Type

The method used to verify the user credentials for access to the network.

The method must match the "Standard User Login Type" method selected under Portal > Portal Configuration > Global > Settings. See Configure authentication credentials.

Options:

Local - Validates the user against a database on the local FortiNAC. Use this option if you plan to enter a list of registered users.

LDAP - Validates the user against a directory database. FortiNAC uses the LDAP protocol to communicate with an organization’s directory.

RADIUS - Validates the user against a third-party RADIUS server. For defining third-party RADIUS server profiles, see Configure RADIUS settings. This option is not available for Local RADIUS.

RADIUS/LDAP - Indicates that the user is authenticated by a third-party RADIUS server but registered based on data in an LDAP server. If the user is successfully authenticated by the RADIUS server but does not exist in the LDAP database, FortiNAC will still create the user record in its own database.

Google authentication for the Persistent Agent is not supported.
