
FortiNAC Manager

9.4.0

User accounts

Use this view to add, delete, modify, locate and manage users on your network. Users include network users, guest or contractor users, and administrators. Administrators can also be managed from the administrators view. Administrators are also network users; therefore, they are included in the users view with a slightly different icon. See Icons for information on each icon.

If you have LDAP or Active Directory configured, user information is added from the directory as users register on the network. The FortiNAC Manager database is periodically synchronized with the directory to make sure that data is the same in both places. User information from the directory is matched to user information in the FortiNAC Manager database based on user ID. If you manually create a user with an ID that is the same as a user in the directory, then directory data will overwrite your manually entered data.

The relationship between users, hosts, and adapters is hierarchical. Users own or are associated with one or more hosts. Hosts contain one or more adapters or network interfaces that connect to the network. For example, if you search for a host with IP address 192.168.5.105, you are in fact searching for the IP address of the adapter on that host. When the search displays the host, you can click on the Adapters tab; the search is automatically re-run and you see the adapter itself. If there is an associated user, you can click on the Users tab to re-run the search and see the associated user.

Click on the arrow in the left column to drill-down and display the hosts associated with the selected user. Hover over the icon in the Status column to display a tooltip with detailed information about this user. For settings, see Search settings.

Settings

Field

Definition

Address

User's street address.

Allowed Hosts

The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total.

If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single host with up to five adapters counts as one host.

If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one host with two network adapters would be counted as two hosts.

Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used. See Network device.

If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user.

City

User's city of residence.

Created Date

Date the user record was created in the database. Options include Before, After, and Between.

Delete Hosts When User Expires

Indicates whether hosts registered to this user should be deleted from the database when the user's record ages out of the database.

Email

User's email address.

Expiration Date

Controls the number of days a user is authorized on the network. Options include Before, After, Between, Never, and None. The user is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered when Aging is configured. See Aging out host or user records.

Delete Hosts When User Expires

Indicates whether hosts owned by this user should be deleted when the user ages out of the database. It is recommended that you set this to Yes.

Inactivity Date

Controls the number of days a user is authorized on the network. Options include Before, After, Between, Never, and None. The user is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the information entered in the Days Inactive field. See Aging out host or user records or Set user expiration date.

Inactivity Limit

Number of days the user must remain continuously inactive on the network to be removed from the database. See Aging out host or user records or Set user expiration date.

Last Login/Logout

Date of the last time the user logged into or out of the network or the FortiNAC Manager admin UI. This date is used to count the number of days of inactivity. Options include Before, After, Between, and Never.

Last Name

User's last name.

Mobile Number

User's mobile phone number. Can be used to send SMS messages based on alarms. The Mobile Provider field is required to send SMS messages.

Mobile Provider

Provider or carrier for user's mobile phone.

Notes

Notes about this user.

Phone

User's telephone number.

User Role

Role assigned to the user. Roles are attributes of users and are used as filters for user/host profiles. See Roles.

User Security & Access Value

Value that typically comes from a field in the directory, but can be added manually. This value groups users and can be used to determine which role to apply to a user or which policy to use when scanning a user's computer. The data in this field could be a department name, a type of user, a graduation class, a location or anything that distinguishes a group of users.

Server

The local FortiNAC server containing the user record. If there are multiple FortiNAC servers with the same record, that record will be associated with each server. Example: Servers A and B both contain user ASmith. If "ASmith" is searched, two records will return, one for each server.

State

User's state of residence.

Status

Current or last known status is indicated by an icon. See Icons. Hover over the icon to display additional details about this user in a tooltip.

Access: Indicates whether user is enabled or disabled.

Title

User's title. This could be a form of address or their title within the organization.

Type

Type of user. Allows you to differentiate between network users and guest/contractor users.

User ID

Unique alphanumeric ID. If you are using a directory for authentication, this should match an entry in the directory. If it does not, FortiNAC Manager assumes that this user is authenticating locally and asks you for a password.

When using a directory for authentication, fields such as name, address, and email are updated from the directory based on the user ID when the database synchronizes with the directory. This is true regardless of how the user is created and whether the user is locally authenticated or authenticated through the directory. If the user ID matches a user ID in the directory, the FortiNAC Manager database is updated with the directory data.

Postal Code

User's zip code based on their state of residence.

Last Modified By

User name of the last user to modify the user.

Last Modified Date

Date and time of the last modification to this user.
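The user ID matching described under User ID and in the directory synchronization paragraph can be audited offline. The following is an added example, not Fortinet code: it sorts exported users into directory-backed accounts (manual edits are overwritten at sync) and local-only accounts (locally authenticated), and flags stale local ones. The CSV column names, the sample data and the 90-day threshold are assumptions; because the page does not say whether matching is case-sensitive, IDs that differ only by case are reported separately for manual review.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample export. Column names are assumptions, not the product's export schema.
SAMPLE_EXPORT = """user_id,type,last_login,notes
asmith,network,2024-05-01,Finance laptop owner
bjones,network,2023-11-15,Created manually
Guest-0412,guest,2024-05-20,Sponsored by asmith
CLee,network,2024-04-02,Created manually
jdoe,network,,Never logged in
svc-printer,network,2022-01-10,Local service account
"""

# Constructed list of user IDs present in the LDAP/AD directory.
SAMPLE_DIRECTORY_IDS = ["asmith", "clee", "dkim"]
SAMPLE_TODAY = date(2024, 6, 1)


def classify_users(export_csv, directory_ids, today, stale_days=90):
    """Group exported user IDs by how they relate to the directory."""
    exact = set(directory_ids)
    folded = {d.casefold() for d in directory_ids}
    report = {"directory_backed": [], "case_mismatch": [],
              "local_only": [], "stale_local": []}
    for row in csv.DictReader(io.StringIO(export_csv)):
        uid = row["user_id"].strip()
        if uid in exact:
            # Same ID as a directory entry: directory data overwrites
            # manually entered fields at the next synchronization.
            report["directory_backed"].append(uid)
        elif uid.casefold() in folded:
            # Differs from a directory ID only by case: review by hand.
            report["case_mismatch"].append(uid)
        else:
            # No directory entry: treated as locally authenticated.
            report["local_only"].append(uid)
            last = row["last_login"].strip()
            if not last:
                report["stale_local"].append(uid)  # never logged in
                continue
            idle = (today - datetime.strptime(last, "%Y-%m-%d").date()).days
            if idle > stale_days:
                report["stale_local"].append(uid)
    return report


if __name__ == "__main__":
    result = classify_users(SAMPLE_EXPORT, SAMPLE_DIRECTORY_IDS, SAMPLE_TODAY)
    for category, ids in result.items():
        print(f"{category}: {', '.join(ids) or '-'}")
```

Stale local-only accounts are the ones to check against the Expiration Date and Inactivity Limit settings above, since no directory lifecycle will disable them.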

Navigation, menus, options, and buttons

For information on selecting columns displayed in the user view see Configure table columns and tooltips. Some menu options are not available for all Users. Options may vary depending on user state.

Field

Definition

Quick Search

Enter a single piece of data to quickly display a list of users. Search options include: IP address, MAC address, host name, User Name, and user ID. Drop-down arrow on the right is used to create and use custom filters.

If you are doing a wildcard search for a MAC address, you must include colons as separators, such as 00:B6:5*. Without the separators, the search option cannot distinguish that it is a MAC address.

When quick search is enabled, the word Search appears before the search field. When a custom filter is enabled, Edit appears before the search field.

Right click options

User Properties

Opens the Properties window for the selected user. See User properties.

Add Users To Groups

Add the selected user(s) to one or more group(s). See Add users to groups.

Delete Users

Deletes the selected user(s) from the database. See Delete a user.

Disable Users

Disables the selected user(s), preventing them from accessing the network regardless of the host they are using. Hosts registered to a disabled user will remain disabled regardless of the logged-on user (if different).

Enable Users

Enables the selected user(s) if they were previously disabled. Restores network access.

Group Membership

Displays groups in which the selected user is a member.

If the user is also an administrator, separate options are displayed for administrator groups and user groups. Options are Group Membership (User) and Group Membership (Administrator).

Guest Account Details

Displays account details for the selected guest record, such as: user ID, account status, sponsor, account type, start and end dates, availability, role, authentication, security policy, account duration, reauthentication period, success URL, and the guest's password. See Guest account details.

Modify User

Opens the Modify User window. See Add or modify a user.

Policy Details

Opens the Policy Details window and displays the policies that would apply to the selected user at this time, such as endpoint compliance policies, network access policies or Supplicant Policies. See Policy details.

Set Expiration

Launches a tool to set the date and time for the user to age out of the database. See Set user expiration date.

Set Role

Assigns a role to the selected user. See Roles.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Audit Logs.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Show Events

Displays all events for the selected user.

Collapse All

Collapses all records that have been expanded.

Expand Selected

Expands selected user records to display host information.

Buttons

Import/Export

Import and Export options allow you to import users into the database from a CSV file or export a list of selected hosts to CSV, Excel, PDF, or RTF formats. See Import hosts, users or devices or Export data.

Options

Displays the same series of menu picks displayed when the right-mouse button is clicked on a selected user.
