User accounts
Use this view to add, delete, modify, locate and manage users on your network. Users include network users, guest or contractor users and Administrators. Administrators can also be managed from the administrators view. Administrators are also network users; therefore, they are included in the users view with a slightly different icon. See Icons for information on each icon.
If you have an LDAP directory or Active Directory configured, user information is added from the directory as users register on the network. The FortiNAC Manager database is periodically synchronized with the directory to make sure that data is the same in both places. User information from the directory is matched to user information in the FortiNAC Manager database based on user ID. If you manually create a user with an ID that is the same as a user in the directory, then directory data will overwrite your manually entered data.
The relationship between users, hosts, and adapters is hierarchical. Users own or are associated with one or more hosts. Hosts contain one or more adapters, or network interfaces, that connect to the network. For example, if you search for a host with IP address 192.168.5.105, you are in fact searching for the IP address of the adapter on that host. When the search displays the host, you can click on the Adapters tab; the search is automatically re-run and you see the adapter itself. If there is an associated user, you can click on the Users tab to re-run the search and see the associated user.
Click on the arrow in the left column to drill down and display the hosts associated with the selected user. Hover over the icon in the Status column to display a tooltip with detailed information about this user. For settings, see Search settings.
Settings
Field | Definition |
---|---|
Address | User's street address. |
Allowed Hosts | The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total. If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single host with up to five adapters counts as one host. If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one host with two network adapters would be counted as two hosts. Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used. See Network device. If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user. |
City | User's city of residence. |
Created Date | Date the user record was created in the database. Options include Before, After, and Between. |
Delete Hosts When User Expires | Indicates whether hosts registered to this user should be deleted from the database when the user's record ages out of the database. |
Email | User's email address. |
Expiration Date | Controls the number of days a user is authorized on the network. Options include Before, After, Between, Never, and None. The user is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered when Aging is configured. See Aging out host or user records. |
Delete Hosts When User Expires | Indicates whether hosts owned by this user should be deleted when the user ages out of the database. It is recommended that you set this to Yes. |
Inactivity Date | Controls the number of days a user is authorized on the network. Options include Before, After, Between, Never, and None. The user is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the information entered in the Days Inactive field. See Aging out host or user records or Set user expiration date. |
Inactivity Limit | Number of days the user must remain continuously inactive on the network to be removed from the database. See Aging out host or user records or Set user expiration date. |
Last Login/Logout | Date of the last time the user logged into or out of the network or the FortiNAC Manager admin UI. This date is used to count the number of days of inactivity. Options include Before, After, Between, and Never. |
Last Name | User's last name. |
Mobile Number | User's mobile phone number. Can be used to send SMS messages based on alarms. Requires the Mobile Provider to send SMS messages. |
Mobile Provider | Provider or carrier for user's mobile phone. |
Notes | Notes about this user. |
Phone | User's telephone number. |
User Role | Role assigned to the user. Roles are attributes of users and are used as filters for user/host profiles. See Roles. |
User Security & Access Value | Value that typically comes from a field in the directory, but can be added manually. This value groups users and can be used to determine which role to apply to a user or which policy to use when scanning a user's computer. The data in this field could be a department name, a type of user, a graduation class, a location or anything that distinguishes a group of users. |
Server | The local FortiNAC server containing the user record. If there are multiple FortiNAC servers with the same record, that record will be associated with each server. Example: Servers A and B both contain user ASmith. If "ASmith" is searched, two records will return, one for each server. |
State | User's state of residence. |
Status | Current or last known status is indicated by an icon. See Icons. Hover over the icon to display additional details about this user in a tooltip. Access: Indicates whether user is enabled or disabled. |
Title | User's title; this could be a form of address or their title within the organization. |
Type | Type of user. Allows you to differentiate between network users and guest/contractor users. |
User ID | Unique alphanumeric ID. If you are using a directory for authentication, this should match an entry in the directory. If it does not, FortiNAC Manager assumes that this user is authenticating locally and asks you for a password. When using a directory for authentication, fields such as name, address, and email are updated from the directory based on the user ID when the database synchronizes with the directory. This is true regardless of how the user is created and whether the user is locally authenticated or authenticated through the directory. If the user ID matches a user ID in the directory, the FortiNAC Manager database is updated with the directory data. |
Postal Code | User's zip code based on their state of residence. |
Last Modified By | User name of the last user to modify the user. |
Last Modified Date | Date and time of the last modification to this user. |
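
The host-counting rule from the Allowed Hosts definition above, worked through as an added Python example (not FortiNAC code) that an administrator could use to see which users exceed their limit only because adapters are not associated with a host. The `Adapter` record, the function names, the sample records and the `default_limit` value are assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple, Optional

MAX_ADAPTERS_PER_HOST = 5  # "a single host with up to five adapters counts as one host"

class Adapter(NamedTuple):
    mac: str
    host: Optional[str]  # host name if agent-scanned or manually associated, else None

def count_hosts(adapters):
    """Return (host_count, undefined_hosts) for one user's adapters.

    Associated adapters are grouped per host; each unassociated adapter
    counts as a host of its own. A host with more than five adapters is
    counted once here and also listed in undefined_hosts, because the page
    does not say how that case is counted.
    """
    per_host = Counter(a.host for a in adapters if a.host is not None)
    unassociated = sum(1 for a in adapters if a.host is None)
    undefined = sorted(h for h, n in per_host.items() if n > MAX_ADAPTERS_PER_HOST)
    return len(per_host) + unassociated, undefined

def effective_limit(allowed_hosts, default_limit):
    """A blank Allowed Hosts value means the system default applies."""
    if allowed_hosts in (None, ""):
        return default_limit
    return int(allowed_hosts)

def audit(users, default_limit):
    """Return {user_id: (host_count, limit)} for users over their limit."""
    over = {}
    for user_id, (allowed, adapters) in users.items():
        count, _ = count_hosts(adapters)
        limit = effective_limit(allowed, default_limit)
        if count > limit:
            over[user_id] = (count, limit)
    return over

# Constructed sample data: each user has one laptop with two adapters.
SAMPLE = {
    "asmith": ("", [Adapter("00:B6:5A:00:00:01", "asmith-laptop"),
                    Adapter("00:B6:5A:00:00:02", "asmith-laptop")]),
    "bjones": ("", [Adapter("00:B6:5A:00:00:03", None),
                    Adapter("00:B6:5A:00:00:04", None)]),
    "cdoe": ("3", [Adapter("00:B6:5A:00:00:05", None),
                   Adapter("00:B6:5A:00:00:06", None)]),
}

if __name__ == "__main__":
    print(audit(SAMPLE, default_limit=1))  # default_limit is a constructed value
```

With the constructed default of 1, only `bjones` is reported: the same two-adapter laptop counts as one host for `asmith` and as two hosts when the adapters are unassociated.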
Navigation, menus, options, and buttons
For information on selecting columns displayed in the user view, see Configure table columns and tooltips. Some menu options are not available for all users. Options may vary depending on user state.
Field | Definition |
---|---|
Quick Search | Enter a single piece of data to quickly display a list of users. Search options include: IP address, MAC address, host name, User Name, and user ID. Drop-down arrow on the right is used to create and use custom filters. If you are doing a wild card search for a MAC address you must include colons as separators, such as 00:B6:5*. Without the separators the search option cannot distinguish that it is a MAC address. When quick search is enabled, the word Search appears before the search field. When a custom filter is enabled, Edit appears before the search field. |
Right click options | |
User Properties | Opens the Properties window for the selected user. See User properties. |
Add Users To Groups | Add the selected user(s) to one or more group(s). See Add users to groups. |
Delete Users | Deletes the selected user(s) from the database. See Delete a user. |
Disable Users | Disables the selected user(s) preventing them from accessing the network regardless of the host they are using. Hosts registered to a disabled user will remain disabled regardless of the logged on user (if different). |
Enable Users | Enables the selected user(s) if they were previously disabled. Restores network access. |
Group Membership | Displays groups in which the selected user is a member. If the User is also an administrator, separate options are displayed for administrator Groups and User Groups. Options are Group Membership (User) and Group Membership (Administrator). |
Guest Account Details | Displays account details for the selected guest record, such as: user ID, account status, sponsor, account type, start and end dates, availability, role, authentication, security policy, account duration, reauthentication period, success URL, and the guest's password. See Guest account details. |
Modify User | Opens the Modify User window. See Add or modify a user. |
Policy Details | Opens the Policy Details window and displays the policies that would apply to the selected user at this time, such as endpoint compliance policies, network access policies or Supplicant Policies. See Policy details. |
Set Expiration | Launches a tool to set the date and time for the user to age out of the database. See Set user expiration date. |
Set Role | Assigns a role to the selected user. See Roles. |
Show Audit Log | Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Audit Logs. |
Show Events | Displays all events for the selected user. |
Collapse All | Collapses all records that have been expanded. |
Expand Selected | Expands selected user records to display host information. |
Buttons | |
Import/Export | Import and Export options allow you to import users into the database from a CSV file or export a list of selected hosts to CSV, Excel, PDF, or RTF formats. See Import hosts, users or devices or Export data. |
Options | Displays the same series of menu picks displayed when the right-mouse button is clicked on a selected user. |