Administration Guide

Administrators

FortiNAC's administrator system lets you organize administrators so that you can delegate work and limit the access each administrator has. On this page, you can add administrators, edit them, and apply an Admin Profile (see Administrator profiles). An Admin Profile defines the privileges that you, as the supervising System Administrator, want to give an administrator.

To create one, go to the Profiles tab under Users & Hosts > Administrators.

Example profiles include Help Desk, Operator, and Security Analyst. Differentiating administrator types in this way allows your team to work together while maintaining segmentation of data access. The process can also be automated. For example, you can automatically apply profiles to a very large number of temporary administrators for a conference, whose privileges should expire after a time period that you determine.

The profiles are ranked, so one user never ends up with two profiles. The user is automatically assigned the top-ranked profile.

Here are some things you should know:

  • If you are the System Administrator, you cannot delete your own account, because it controls everything.
  • Subordinate administrators cannot select their own profile. The profile is assigned to them.
  • To use a different profile, you must use a different account.
  • If there are more than 1000 administrators in the database, the users are not automatically displayed. Large numbers of records may load slowly if not filtered.
  • You can modify passwords for appliance CLI accounts. See details in Passwords.

Note: Administrators are also network users, so FortiNAC also displays them in the Users View.

Settings

Fields used in filters are also defined in this table.

Field

Definition

Add Filter

Allows you to select a field from the current view to filter information. Select the field from the drop-down list, and then enter the information you wish to filter. See Filters.

Update

Displays the filtered data in the table.

Administrators

User ID

Unique alphanumeric ID for this user. Required.

First Name

User's first name.

Last Name

User's last name. Required.

Admin Profile

Administrators must have an associated administrator profile that provides them with permissions for features in FortiNAC. Click the link in the administrators table for the selected user to go to the profile displayed. See Administrator profile.

Auth Type

Authentication method used for this administrator. Types include:

  • Local: Validates the user to a database on the local FortiNAC appliance.
  • LDAP: Validates the user to a directory database. FortiNAC uses the LDAP protocol to communicate to an organization’s directory.
  • RADIUS: Validates the user to a RADIUS server.

E-mail

E-mail address used to send system notifications associated with features such as alarms or profiled devices.

Phone, Address, City, State, Postal Code, Title

Optional demographic information.

Mobile Number

Mobile phone number used for sending SMS messages to administrators.

Mobile Provider

Mobile provider for the mobile phone number entered in the previous field. Used to send SMS messages to administrators. This field also displays the format of the SMS address that will be used to send the message. For example, if the provider is US Cellular, the format is xxxxxxxxxx@emai.uscc.net, where the x's represent the user's mobile phone number. The number is followed by the email domain of the provider's message server.

User Expires

The user is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered when Aging is configured. The default setting for administrators is blank or Never Expire. Administrators may or may not have an expiration date depending on how the account was created. See Aging out host or user records and Set user expiration date.

Administrators assigned the System Administrator profile cannot be aged out.

User Inactivity Date

Controls the number of days a User is authorized on the network. User is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the information entered in the Days Inactive field. See Aging out host or user records.

User Inactivity Limit

Number of days the user must remain continuously inactive on the network to be removed from the database. See Aging out host or user records.

Last Login/Logout

Date of the last time the user logged into or out of the network or the FortiNAC admin UI. This date is used to count the number of days of inactivity.

Last Modified By

User name of the last user to modify the administrator.

Last Modified Date

Date and time of the last modification to this administrator.

Right click menu options

Copy

Copy the selected User to create a new record.

Delete

Deletes the selected User.

Group Membership

Displays groups in which the selected user is a member.

Administrators are also regular users, so separate options are displayed for administrator groups and user groups. Options are Group Membership (User) and Group Membership (Administrator).

Groups

Displays groups in which the selected user is a member. See Group membership.

Modify

Opens the Modify User window for the selected profile.

Set Admin Profile

Allows you to modify the administrator profile for one or more users. This also allows you to remove the "Administrator" Profile for a user without the need to first delete and then recreate the user. See Modify an administrator profile.

Set Expiration

Launches a tool to set the date and time for the user to age out of the database. See Set user expiration date.

Edit Theme

Opens the User Theme dialog and allows you to modify the look and feel of the user interface for each administrator.

Import/Export

Import and Export options allow you to import users into the database from a CSV file or export a list of selected hosts to CSV, Excel, PDF, or RTF formats. See Import an administrator and Export data.
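The fields above can be used to review administrator accounts offline after a CSV export. The following is an added example, not part of the Fortinet documentation: it audits a constructed export for the account-lifecycle conditions this page describes. The column headers (taken from the field names on this page), the ISO date format, the 90-day idle threshold and the review rules are assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export. Headers mirror this page's field names; the real
# export layout and date format are assumptions.
SAMPLE_CSV = """User ID,Admin Profile,Auth Type,User Expires,Last Login/Logout
root,System Administrator,Local,,2024-05-30
hd-jlee,Help Desk,LDAP,2024-12-31,2024-05-28
conf-temp07,Operator,Local,,2024-01-10
sa-mgarcia,Security Analyst,RADIUS,2024-03-01,2024-02-27
op-never,Operator,Local,2024-09-01,
"""

def _parse(value):
    """Return a date for a non-empty ISO cell, or None for a blank cell."""
    return datetime.strptime(value, "%Y-%m-%d").date() if value.strip() else None

def audit_admins(csv_text, today, max_idle_days=90):
    """Map User ID -> list of review findings for each flagged administrator."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        expires = _parse(row["User Expires"])
        last_seen = _parse(row["Last Login/Logout"])
        # System Administrator accounts cannot be aged out, so they are
        # exempt from the expiry and auth-type checks (policy assumption).
        is_sysadmin = row["Admin Profile"] == "System Administrator"
        if expires is None and not is_sysadmin:
            issues.append("no expiration date")
        if expires is not None and expires < today:
            issues.append("expiration date passed but record still present")
        if last_seen is None:
            issues.append("never logged in")
        elif (today - last_seen).days > max_idle_days:
            issues.append(f"idle {(today - last_seen).days} days")
        if row["Auth Type"] == "Local" and not is_sysadmin:
            issues.append("Local auth, not validated by LDAP or RADIUS")
        if issues:
            findings[row["User ID"]] = issues
    return findings

if __name__ == "__main__":
    for user, issues in audit_admins(SAMPLE_CSV, date(2024, 6, 1)).items():
        print(f"{user}: {'; '.join(issues)}")
```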
