Type a descriptive name for the template. Sponsors use this name when they select a template to create accounts.

User type for the template. Corresponds to the account types of Guest and Contractor so that the correct view is presented to the user. See Visitor types.

Creates a role based on the template name and assigns that role to guests with accounts created using this template. Using the template name as a role allows you to limit network access based on the guest template by using the new role as a filter in a user/host profile. See User/host profiles.

When using the Wireless Security feature to configure SSID mappings, the name of the guest template selected is used to create the appropriate user/host profile allowing you to limit SSID access based on guest template.

Role is an attribute added to the user and the host. Roles can be used in user/host profiles as a filter. Note that these roles must first be configured in the Role Management view. If they are not configured, no role-based restrictions apply. Any additional roles you have configured are also listed here. The available default options are Contractor, Guest and NAC-Default. If you have not configured a Guest or Contractor role, any Host you register has the NAC-Default common role applied to it.

See Visitor types. For more on Roles see Roles.

Enter a value, such as Guest or Visitor. This field is added to each guest user account that is created based on this template and can be used as a filter. When creating user/host profiles, you can filter for the contents of the Security & Access Value field to control which endpoint compliance policy is used to scan guest hosts.

For Conference accounts, email cannot be sent until a guest has registered or you have modified the account via the User View > Modify option to enter an email address.

Select this check box if you want a sponsor with this template to be able to send an e-mail confirmation to the guest’s/contractor’s email address. If not selected (default) guest or contractor credentials need to be printed or sent via SMS.

For self-registered guest accounts this option is automatically checked and cannot be disabled.

For Guest or Contractor accounts, select this check box if you want a sponsor with this template to be able to send an SMS confirmation to the guest’s/contractor’s mobile phone. If not selected guest or contractor credentials need to be e-mailed or printed.

For self-registered guest accounts this option is automatically checked and cannot be disabled.

Requires that the guest or contractor provide both a mobile number and the mobile provider. These fields default to Required in the Data Fields tab.

Only available when Visitor Type is set to Conference. Typically used when generating a large number of accounts for a conference. Limits the total number of accounts that can be created on the Conference Account window when this template is selected.

To limit accounts, enable the check box and enter the maximum number of accounts that can ever be created using this template.

For an unlimited number of accounts, leave the check box empty.

Between 5 and 64 characters. Passwords that are automatically generated by guest manager contain at least one capital letter, one lower case letter, one alphanumeric character, and one symbol. If you have characters listed in Password Exclusions, those characters will not be used.

Note that for Conference accounts, once a template has been created, the sponsor may specify the individual different passwords for attendees when the sponsor creates the conference account. See Add Conference Accounts.

FortiNAC does not recognize or restrict system-generated passwords that may be offensive.

List of characters that will not be included in generated passwords.

Removes any existing entries and then populates the Password Exclusions field with a list of symbols that are typically difficult to enter on a mobile device. Modify the list of characters as needed. Characters include:

!@#$%^&*()_+~{}|:"<>?-=[]\;',/

Specify the number of hours the guest or contractor can access the network before reauthentication is required. To specify a reauthentication period you must first select the check box. Next fill in the reauthentication period in hours. If you do not select this check box, you will not have to specify a reauthentication period for guests or contractor accounts created with this template.

Specify where authentication occurs:

• Local: User name and password credentials are stored in the local database.

  For Conference accounts, authentication is Local only.

• LDAP: The email of the user is required, and is what guests and contractors use to log in. The email address maps to the created Guest user. When the email address is located in the LDAP directory, it is compared with the given password for the user. If it matches, the guest or contractor’s credentials are accepted and they are granted access.
• RADIUS: Checks your RADIUS server for the email address (required) in the user's created account. If a match is found, it is compared with the given password for the user. If it matches, the guest or contractor’s credentials are accepted and they are granted access.

Select the check box to specify the duration of the account in hours.

For all guests except those with shared conference accounts: The duration governs how long from creation the account remains in the database, regardless of the end date that is entered when creating the guest account.

For shared conference accounts: The duration governs how long from guest Login the account remains in the database, regardless of the end date that is entered when creating the conference.

For self-registered guest accounts this option is automatically checked and cannot be disabled. You must enter a duration.

There are two methods that work together for determining the length of time a guest account is active. The shortest duration of the two is the one that is used to remove a guest account from the database.

• Account Duration (Hours): Option included in the guest template to limit the time a guest account created with this template remains in the database. If this is blank, the guest account end date is used. The Account Duration starts only when the guest user first logs in. For example, you could create a guest account with a date range that spans one week and if the account duration was 24 hours, they would be able to log in for one 24 hour period any time during that week
• Account End Date: Option included on the Add Guest Account dialog to determine the date on which the guest account expires. This field is required when a guest account is created.

Controls whether the Propagate Hosts setting is enabled or disabled on the user record for guest users created with this template. If enabled, the record for the host owned by the guest user is copied to all managed FortiNAC appliances. This field is only displayed if the FortiNAC server is managed by a FortiNAC Control Manager.

Select when guests or contractors with this template can login to the network. Login Availability is within the timeframe you specify for the Account Duration.

The available options are:

• Always
• Specify Time: If you select this option, a window displays in which you specify the time range and select the days of the week. Click OK.

Guests created using this template are marked "At Risk" for the Guest No Access admin scan during the times they are not permitted to access the network.

Optional. Directs the guest or contractor to the page you specify with the network policies when they login.

Click to acquire the IP addresses for the URLs for Acceptable Use Policy and Successful Landing page. If the URL is not reachable, specify the IP address in the IP address field.

Portal version 1 settings

Maximum length 50 characters. Stored in the Last Name field.

Maximum length 50 characters. Stored in the First Name field.

Maximum length 50 characters. Stored in the Address field.

Maximum length 50 characters. Stored in the City field.

Standard two-letter state abbreviation, or up to 50 characters. Stored in the State field.

Maximum length 50 characters. Stored on the Notes tab.

Maximum length of 16. Stored in the Zip Code field.

Email address of the guest or contractor. Stored in the E-mail field.

This field can be modified however FortiNAC expects the contents of the field to be an email address. This field tests for a valid email address and will not allow the user to proceed without one. If the label is something other than email and other types of data are entered, the guest account may not be able to be created.

Telephone number including international country codes (for example, +1, +44). Maximum length 16. Stored in the Phone field.

Mobile Telephone number. Maximum length 16. Stored in the Add/Modify User window.

The name of the company that provides the guest with Mobile service. The guest is provided with a list of possible providers. Stored in the Add/Modify User window.

Text field for computer serial numbers, manufacturer’s name and model number, or any other asset identifier of the guest’s or contractor’s computing platform. Stored in the Serial Number field. Max.length 80 characters.

The reason for the guest’s or contractor’s visit. Max. length 80 characters. Stored on the Notes tab.

Maximum length 50 characters. Stored on the Notes tab.

Buttons

Click to add new data fields to track additional guest or contractor data, such as license plate numbers or demo equipment details. Maximum length 80 characters.

Type the name of the field in the pop-up window. Select whether to make the field required or optional.

Once new fields have been added they are stored in the Notes tab of the user’s account. To see these fields go to the User Properties window.

Delete a data field from the list. Only those fields that have been created by an administrator can be deleted. System fields can be set to Ignore so they do not display, but cannot be deleted from the template.