When you create or modify an administrator, you must attach an administrator profile to the account. Before adding administrators to manage guests, create an administrator profile that contains the set of permissions that allow the administrator to sponsor guest, contractor, or conference accounts. The profile limits the administrator's access to FortiNAC features.
When an administrator with an administrator profile logs into FortiNAC, the system presents the views available based on the user's default permissions. You can configure administrators to authenticate locally or externally via RADIUS or LDAP. If the administrator cannot be authenticated, an error message specifying the problem is displayed.
If you are creating administrators to manage guests or devices, you must create an administrator who has the appropriate administrator profile assigned. See Administrator profiles.
- Select Users & Hosts > Administrators.
- Select Add.
- Enter an alphanumeric User ID for the new administrator and click OK.
As you enter the user ID, the network user database is checked to see if there is a current user with the same ID and a drop-down list of matching users is displayed.
If you enter an ID that already exists as a regular network user, the network user and the administrator become the same person with a single account. This allows you to give a network user administrator privileges to help with some administrative tasks.
- Use the table below to configure the settings:
Authentication method used for this administrator. Types include:
- Local: Validates the user against a database on the local FortiNAC appliance.
- LDAP: Validates the user against a directory database. FortiNAC uses the LDAP protocol to communicate with an organization’s directory.
- RADIUS: Validates the user against a RADIUS server.
Profiles control permissions for administrators. See Administrator profiles.
- Add: Opens the administrator profiles window allowing you to create a new profile without exiting the Add User window.
- Modify: Allows you to modify the selected administrator profile. Note that modifications to the profile affect all administrators that have been assigned that profile.
Unique alphanumeric ID for this user.
Password used for local authentication.
If you authenticate users through LDAP or RADIUS, the password field is disabled and the user must log in with their LDAP or RADIUS password.
User's first name.
User's last name.
Optional demographic information.
E-mail address used to send system notifications associated with features such as alarms or profiled devices. Also used to send guest self-registration requests from guests requesting an account. For multiple e-mail addresses, enter addresses separated by commas or semicolons. Messages are sent to all e-mail addresses provided.
User's title, such as Mr. or Ms.
Mobile phone number used for sending SMS messages to administrators.
Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is firstname.lastname@example.org, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.
Free-form notes field for additional information.
User Never Expires
If enabled, administrators are never aged out of the database. The default is enabled.
Administrators assigned the System Administrator profile cannot be aged out.
The Propagate Hosts setting controls whether or not the record for the host owned by the user is copied to all managed FortiNAC appliances. This field is only displayed if the FortiNAC server is managed by a FortiNAC Control Manager.
- Click OK to save the new user.