Administration Guide

Settings

Go to System > Settings to access system configuration that you can update after installing FortiPAM.

To update System Settings:
  1. Go to System > Settings.

    The General tab in the System Settings window opens.

  2. To switch to the Advanced tab, select Advanced.

  3. In System Settings, enter the following information:

    General tab

    Host name

    The identifying name assigned to this FortiPAM unit.

    System time pane

    System time

    Current system time

    The current date and time on the FortiPAM internal clock or NTP servers.

    Time Zone

    From the dropdown, select a timezone.

    Set Time

    Select from the following options:

    • NTP: The NTP (Network Time Protocol) server (default).

    • Manual Settings

    Select Server

    Select a server from the following two options:

    • FortiGuard (default)

    • Custom

    Note: The option is only available when Set Time is NTP.

    Custom Server IP Address

    The custom server IP address.

    Custom NTP server details must be configured via the CLI.

    Note: The option is only available when Set Time is NTP and the Select Server is Custom.

    Sync interval

    Enter how often, in minutes, the device synchronizes its time with the NTP server (default = 60, 1 - 1440).

    Note: The option is only available when Set Time is NTP.

    Date

    Enter the date or select the calendar icon, and from the dropdown, select a date.

    Note: The option is only available when Set Time is Manual Settings.

    Time

    Enter the time or select the clock icon, and from the dropdown, select a time.

    Note: The option is only available when Set Time is Manual Settings.

    Setup device as local NTP server

    Select True to configure the FortiPAM as a local NTP server (default = False).

    Listen on Interfaces

    Set the interface or interfaces that the FortiPAM will listen for NTP requests on.

    Note: The option is only available when Setup device as local NTP server is set to True.

    User Password Policy pane

    User Password Policy

    Password scope

    Enable/disable password scope (default = disable).

    Note: This applies to local user passwords.

    Minimum length

    The minimum length of the password (default = 8, 1 - 128).

    Minimum number of new characters

    Enter the minimum number of new characters required in the password (default = 0, maximum = 200).

    Character requirements

    Enable/disable character requirements (default = disable).

    When enabled, enter the number of upper case, lower case, numbers, and special (non-alphanumeric) characters required in the password.

    Note: Special characters are non-alphanumeric.

    Allow password reuse

    Enable/disable password reuse (default = enable).

    Password expiration

    Enable and enter the number of days after which the password expires (default = 90, 0 - 999).

    Max Retry

    Enter the maximum number of allowed failed login attempts (default = 3, 1 - 10).

    Lockout Duration

    Specify the length of the lockout period, in seconds (default = 60, 1 - 2147483647).

    Note: After the lockout duration expires, the Max Retry number applies again.
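    The following Python model is an added illustration of how the options in the User Password Policy pane combine; it is not FortiPAM code and does not claim to reproduce Fortinet's enforcement logic. The dataclass fields and defaults mirror the options listed above. Two points are assumptions made for the example: "new characters" are counted as characters of the candidate password that do not occur anywhere in the previous password, and password history is compared in plaintext (a real system compares stored hashes). Timestamps are plain epoch seconds.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence

DAY = 86400  # seconds; timestamps below are epoch seconds (e.g. time.time())


@dataclass
class PasswordPolicy:
    """Mirror of the User Password Policy pane; defaults are the page's defaults."""
    minimum_length: int = 8            # default = 8, 1 - 128
    min_new_characters: int = 0        # default = 0, maximum = 200
    character_requirements: bool = False
    min_upper: int = 0                 # the four counts apply only when
    min_lower: int = 0                 # character_requirements is enabled
    min_digits: int = 0
    min_special: int = 0               # special = non-alphanumeric
    allow_reuse: bool = True           # default = enable
    expiration_enabled: bool = True
    expire_days: int = 90              # default = 90, 0 - 999
    max_retry: int = 3                 # default = 3, 1 - 10
    lockout_seconds: int = 60          # default = 60, 1 - 2147483647


def check_password(policy: PasswordPolicy, candidate: str,
                   previous: Optional[str] = None,
                   history: Sequence[str] = ()) -> List[str]:
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < policy.minimum_length:
        problems.append(f"shorter than minimum length {policy.minimum_length}")
    if policy.character_requirements:
        counts = {
            "upper case": (sum(c.isupper() for c in candidate), policy.min_upper),
            "lower case": (sum(c.islower() for c in candidate), policy.min_lower),
            "number": (sum(c.isdigit() for c in candidate), policy.min_digits),
            "special": (sum(not c.isalnum() for c in candidate), policy.min_special),
        }
        for name, (have, need) in counts.items():
            if have < need:
                problems.append(f"needs at least {need} {name} characters, has {have}")
    if previous is not None and policy.min_new_characters > 0:
        # Assumption: a "new" character is one absent from the previous password.
        new_chars = sum(1 for c in candidate if c not in previous)
        if new_chars < policy.min_new_characters:
            problems.append(f"only {new_chars} new characters, need {policy.min_new_characters}")
    if not policy.allow_reuse and candidate in history:
        problems.append("password reuse is not allowed")
    return problems


def password_expired(policy: PasswordPolicy, set_on: float, now: float) -> bool:
    """True once expire_days have passed since the password was set."""
    if not policy.expiration_enabled:
        return False
    return now >= set_on + policy.expire_days * DAY


@dataclass
class LoginTracker:
    """Max Retry / Lockout Duration state for one account."""
    policy: PasswordPolicy
    failures: int = 0
    locked_until: Optional[float] = None

    def attempt(self, success: bool, now: float) -> str:
        """Record one login attempt; returns 'ok', 'failed' or 'locked'."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"            # still inside the lockout period
            # Lockout expired: the Max Retry count applies again (page note).
            self.locked_until = None
            self.failures = 0
        if success:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.policy.max_retry:
            self.locked_until = now + self.policy.lockout_seconds
            return "locked"
        return "failed"
```

    With the page defaults, three consecutive failures lock the account for 60 seconds; an attempt made inside that window is refused even with the correct password, and the first attempt after the window reopens starts a fresh retry count.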

    View Settings pane

    View Settings

    Language

    From the dropdown, select a language.

    Email Service pane

    Email Service

    See Testing the email service connection example.

    Use custom settings

    Enable to edit options in the Email Service pane.

    SMTP Server

    The SMTP server IP address or hostname, e.g., smtp.example.com or notification.fortinet.net.

    Port

    The port number on which the SMTP server accepts connections.

    The default port value depends on the chosen Security Mode.

    For None and STARTTLS, the default value is 25.

    For SMTPS, the default value is 465.

    Authentication

    If required by the email server, enable authentication.

    If enabled, enter the Username and Password.

    Security Mode

    Set the connection security mode used by the email server:

    • None

    • SMTPS (default)

    • STARTTLS

    Sender

    Enter the email address used to send emails.

    Depending on the SMTP Server used and whether Authentication is enabled, the server may require the Sender to be a specific email address for the email to be sent.

    If the Sender email address is incorrect, the email is not sent.

    Default Reply To

    Optionally, enter the reply to email address, such as noreply@example.com.

    This address will override the Email from email address that is configured for an alert email. See Email alert settings.

    Other General Settings pane

    Login Disclaimer

    Enable/disable displaying a disclaimer message once a user successfully logs in.

    Once enabled, enter a disclaimer in the text box. Alternatively, you can use the default login disclaimer.

    Last Successful Login displays when the last successful login has occurred.

    Last Failed Login displays when the last failed login has occurred.

    Click the eye icon to preview the login disclaimer.

    Note: The option is disabled by default.

    GUI Session Timeout

    Select from the following two options:

    • Idle: Enforce timeout after the number of minutes entered in Idle in has elapsed with no activity (default = 5, 1 - 480).

    • Always: Enforce user logout after the number of minutes entered in Force logout in has elapsed since login, regardless of activity (default = 480, 5 - 480).

    A shorter GUI Session Timeout duration is more secure.

    Concurrent Log-on

    A concurrent session occurs when multiple users access FortiPAM using the same account from different locations or web browsers.

    Select from the following two options:

    • Enable: Enable user concurrent login.

    • Disable: Disable user concurrent login.

    Note: The option is disabled by default.

    Once disabled, concurrent logins are disallowed.
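    The following Python model is an added illustration of the GUI Session Timeout and Concurrent Log-on settings described above; it is not FortiPAM code. It shows the difference between the Idle mode (the clock restarts on every request) and the Always mode (the clock runs from login and activity does not extend it), and how the Concurrent Log-on setting is consulted when a second login arrives for the same account. One assumption is made for the example: with Concurrent Log-on disabled, a second login for an account that already has a live session is refused rather than displacing the existing session. Timestamps are plain epoch seconds.

```python
from dataclasses import dataclass
from typing import List, Optional

MINUTE = 60  # timestamps below are epoch seconds (e.g. time.time())


@dataclass
class TimeoutPolicy:
    """Mirror of the GUI Session Timeout options; defaults as on the page."""
    mode: str = "Idle"               # "Idle" or "Always"
    idle_minutes: int = 5            # Idle: default = 5, 1 - 480
    force_logout_minutes: int = 480  # Always: default = 480, 5 - 480


@dataclass(eq=False)                 # compare sessions by identity, not by field values
class Session:
    user: str
    origin: str                      # browser or location the login came from
    started: float
    last_activity: float


def session_expired(policy: TimeoutPolicy, s: Session, now: float) -> bool:
    """Idle measures from the last request; Always measures from login."""
    if policy.mode == "Idle":
        return now - s.last_activity >= policy.idle_minutes * MINUTE
    if policy.mode == "Always":
        return now - s.started >= policy.force_logout_minutes * MINUTE
    raise ValueError(f"unknown timeout mode {policy.mode!r}")


class SessionStore:
    """In-memory GUI session table honouring the timeout and Concurrent Log-on settings."""

    def __init__(self, policy: TimeoutPolicy, concurrent_logon: bool = False):
        self.policy = policy
        self.concurrent_logon = concurrent_logon   # page default: disabled
        self.sessions: List[Session] = []

    def reap(self, now: float) -> int:
        """Drop expired sessions; returns how many were removed."""
        before = len(self.sessions)
        self.sessions = [s for s in self.sessions
                         if not session_expired(self.policy, s, now)]
        return before - len(self.sessions)

    def login(self, user: str, origin: str, now: float) -> Optional[Session]:
        """Open a session, or return None when the concurrent-login rule refuses it."""
        self.reap(now)
        if not self.concurrent_logon and any(s.user == user for s in self.sessions):
            return None                            # assumption: refuse, do not displace
        s = Session(user, origin, started=now, last_activity=now)
        self.sessions.append(s)
        return s

    def request(self, s: Session, now: float) -> bool:
        """Serve a request on session s; False means the session has timed out."""
        self.reap(now)
        if s not in self.sessions:
            return False
        s.last_activity = now                      # only matters in Idle mode
        return True
```

    The Always mode is the stricter of the two because a stolen session cookie stops working at a fixed time no matter how actively it is used; the Idle mode bounds the window in which an unattended browser stays usable.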

    Advanced tab

    PAM Settings pane

    PAM Settings

    Enforce recording on glass breaking

    In glass breaking mode, the administrator has permission to launch all secrets. This setting enforces video recording on all launching sessions (default = enable).

    Live Recording

    Enable/disable live recording (default = disable).

    Before downgrading from FortiPAM version 1.2.x to 1.1.x, disable Live Recording. Otherwise, you cannot replay videos on FortiPAM 1.1.x.

    See Over-the-shoulder monitoring (Live recording).

    Video Storage Limit

    The maximum percentage of the video disk partition size that can be used for storing FortiPAM session video recordings (default = 90, 10 - 90).

    Video Storage Mode

    From the dropdown, select a PAM session video recording storage mode (default = Rolling):

    • Rolling: Evict the oldest PAM video recording within the Video Storage Time when the video storage limit is reached.

    • Stop: Stop storing new PAM video recordings when the disk quota is full.

    Video Storage Time

    The number of days for which a video is stored. Video files are removed from FortiPAM once the time has elapsed (default = 365, 0 - 36500).

    Enable the toggle or enter 0 for no time limit.

    Note: The option is only available when the Video Storage Mode is Rolling.
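    The following Python model is an added illustration of how the Video Storage Limit, Video Storage Mode and Video Storage Time settings interact when a new session recording has to be saved; it is not FortiPAM code. It shows the Rolling mode evicting the oldest recordings until the new one fits, the Stop mode refusing new recordings once the quota is full, and the time limit purging recordings that are older than Video Storage Time (with 0 meaning no time limit, as the page states). The partition size, recording sizes and timestamps are constructed values; timestamps are plain epoch seconds.

```python
from dataclasses import dataclass
from typing import List

DAY = 86400  # seconds; timestamps below are epoch seconds (e.g. time.time())


@dataclass
class Recording:
    name: str
    size_bytes: int
    recorded_at: float


class VideoStore:
    """Model of the Video Storage Limit / Mode / Time settings for session recordings."""

    def __init__(self, partition_bytes: int, limit_percent: int = 90,
                 mode: str = "Rolling", storage_days: int = 365):
        if not 10 <= limit_percent <= 90:
            raise ValueError("Video Storage Limit must be 10 - 90 percent")
        if mode not in ("Rolling", "Stop"):
            raise ValueError("Video Storage Mode must be Rolling or Stop")
        self.quota = partition_bytes * limit_percent // 100   # bytes usable for video
        self.mode = mode
        self.storage_days = storage_days                      # 0 = no time limit
        self.recordings: List[Recording] = []

    def used(self) -> int:
        return sum(r.size_bytes for r in self.recordings)

    def purge_expired(self, now: float) -> List[str]:
        """Remove recordings older than Video Storage Time; returns their names.

        The page offers the time limit only in Rolling mode, so Stop mode keeps
        everything until the quota is reached.
        """
        if self.mode != "Rolling" or self.storage_days == 0:
            return []
        cutoff = now - self.storage_days * DAY
        expired = [r for r in self.recordings if r.recorded_at < cutoff]
        self.recordings = [r for r in self.recordings if r.recorded_at >= cutoff]
        return [r.name for r in expired]

    def store(self, rec: Recording, now: float) -> bool:
        """Try to save a new recording; returns False when it cannot be kept."""
        self.purge_expired(now)
        if rec.size_bytes > self.quota:
            return False                   # can never fit, even on an empty partition
        if self.mode == "Stop":
            if self.used() + rec.size_bytes > self.quota:
                return False               # quota full: stop storing new recordings
        else:
            # Rolling: evict the oldest recordings until the new one fits.
            self.recordings.sort(key=lambda r: r.recorded_at)
            while self.used() + rec.size_bytes > self.quota:
                self.recordings.pop(0)
        self.recordings.append(rec)
        return True
```

    For audit purposes the Stop mode is the conservative choice: it never discards evidence silently, at the cost of losing new recordings once the quota fills, so disk usage needs monitoring. Rolling mode keeps recording but makes the oldest sessions unrecoverable, which matters when an investigation reaches back further than the retained window.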

    Recording Resolution

    From the dropdown, select a resolution for the PAM video recordings:

    • 480p

    • 720p (default)

    • 1080p

    Recording FPS

    Enter the PAM video recording frame rate (default = 2, 1 - 15).

    Recording Color Depth

    From the dropdown, select a color depth:

    • 24 Bit Color Depth (default)

    • 32 Bit Color Depth

    Recording Key FPM

    Enter the PAM video recording key frame rate per minute (default = 1, 1 - 60).

    Max Launching Duration

    Enter the maximum duration for all the secret launching sessions, in minutes (default = 120, 1 - 10000).

    Client Port

    Enter the port number that FortiPAM uses to connect to FortiClient (default = 9191, 1 - 65536).

    Send Multiple Secret Requests in

    When sending multiple secret request notifications to a reviewer:

    • Separate Emails: Send the secret request notifications as separate emails (default).

    • Single Email: Send the secret request notifications as a single email.

    Period

    Enter the time interval at which multiple secret request notifications are sent, in seconds (default = 60, 60 - 600).

    Note: The option is only available when Send Multiple Secret Requests in is set to Single Email.

  4. Click Apply.
