What's new

FortiPAM version 1.5.0 includes the following enhancements:

Secret/Launch

1050160- Service gateway

Starting with FortiPAM 1.5.0, the reverse gateway supports Service mode.

The reverse gateway operates in two modes:

  • Reverse mode: The gateway working in the reverse mode is called the Reverse Gateway.

  • Service mode (new): The gateway working in the service mode is called the Service Gateway.

When the gateway runs in Service mode, the client launches the session directly from the client device itself, instead of FortiPAM starting the session centrally and then proxying it to the reverse gateway.

In the Reverse mode, the launching session traffic flow is Client machine > Central Server > Gateway > Target Server.

In the Service mode, the launching session traffic flow is Client machine > Gateway > Target Server. This reduces session latency and load on the central server when the gateway device is closer to the target server. Session videos are still uploaded to FortiPAM and the secret log is still reported to FortiPAM rather than being stored on the gateway device.

1097062- New Agentless mode for web-based secret launch

Starting with FortiPAM 1.5.0, a new Agentless mode is available for launching web-based secrets without requiring either FortiClient or the Fortinet Privileged Access Agent browser extension to be installed locally.

Supported web-based launchers include the following:

  • Web SSH

  • Web RDP

  • Web VNC

  • Web SFTP

  • Web SMB

  • Web Telnet

Supported web browsers include the following:

  • Google Chrome

  • Microsoft Edge

The feature reduces dependency on local environment resources and lowers maintenance costs. It also improves FortiPAM security, portability, and overall efficiency.

Currently, the Agentless mode has the following three limitations:

  • The feature does not work with the Mozilla Firefox browser.

  • The feature does not work with the Web Account launcher.

  • The feature does not work with a service gateway.

A new Agentless dropdown in the banner lists three modes to select from:

  • Automatic

  • Extension

  • Agentless

1014580- Secret Event Subscription

Secret event subscription allows any user to receive email notifications when certain events happen on a specific secret.

The subscribable events are: secret entry change, password change failed, view password clear text, password verify failed, secret check-in, secret check-out, secret launch, and secret certificate expiry notification.

After a user subscribes to an event, each time that event is triggered an email is sent to the email address configured in the user's profile.

875335, 1063325- New default secret templates and a default password changer

FortiPAM now includes the following four default secret templates:

  • Azure Credential: A basic template designed to save Azure AD enterprise application (client) ID, Directory (tenant) ID, and client secret value information.

  • Azure AD Account: A basic template designed to launch the Azure AD portal as the target.

  • VNC Server: A basic template designed for VNC password authentication.

  • macOS: A basic template for a macOS machine.

FortiPAM now includes the following new password changer:

  • Web API (Azure AD): A default password changer designed to change an Azure AD password.

1079201- New default launcher available

FortiPAM now includes a new default RealVNC Viewer secret launcher.

The secret launcher is designed to connect to a RealVNC server.

A RealVNC server supports the following two authentication methods:

  • Standard VNC password with 8 digits/characters

  • Windows username/password

1033306- Support multiple OS launcher

FortiPAM now supports launchers for multiple OS types: Windows, macOS, and custom.

A new OS Settings pane is available when creating or editing a launcher.

For OS types such as macOS, a newer FortiClient release is needed to support native launchers.

Once FortiClient on another OS (for example, macOS) supports FortiPAM, a launcher for that OS can be configured in FortiPAM to launch secrets.

Two new default launchers are introduced:

  • Remote Desktop, which replaces the previous Remote Desktop-Windows launcher and supports both Windows and macOS

  • Screen Sharing for macOS

When you create a new launcher, you can define how to initiate the launcher in a different OS.

Note: Before you add a new OS for a launcher, ensure that your FortiClient supports FortiPAM in the OS.

When you add a new OS to a launcher, ensure that FortiClient on that OS supports FortiPAM; for example, for FortiClient 7.4.1, only the Windows FortiClient supports FortiPAM.

1053876- Customize secret launcher start up timeout

A new Timeout Duration field is available when creating or editing a secret launcher.

The Timeout Duration field sets the maximum time, in seconds, that a secret launcher is allowed to take to start before it times out.

This feature requires support in a future FortiClient release.

1058979- Support certificate authentication for the secret SSH launch

The SSH protocol offers multiple authentication options: passwords, public keys, and certificates. Certificate-based authentication is the most secure of these because it controls both the certificate expiry date and the login username.

Starting with 1.5.0, FortiPAM supports certificate authentication.

When you create a secret with the SSH Key template, you can choose Public key with certificate to use this feature.

A new Public-key dropdown is available in the Fields pane when creating or editing a secret that uses FortiProduct (SSH Key) or Unix Account (SSH Key) as the secret template.

The new Public-key dropdown allows you to select the type of public key to use.

Certificate-based SSH authentication improves authentication security by enforcing the certificate expiry date.

You can choose from the following two public key types:

  • Standard public key

  • Public key with certificate: Select to allow certificate based authentication.
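
The two controls the text names, the validity window and the permitted login username, live in the certificate itself. The following is an added example, not FortiPAM code, that parses an OpenSSH user certificate in its published wire layout and applies those two checks the way an SSH server does; the certificate is constructed inline with placeholder key and signature bytes (no CA signing or signature verification takes place), so it runs offline.

```python
"""Added example (not FortiPAM code): parse an OpenSSH user certificate and apply the
expiry-window and principal (login username) checks. The certificate bytes are built
below with dummy key and signature material so the script runs offline."""
import base64
import struct
import time


def _s(b: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def build_cert(key_id: str, principals: list, valid_after: int, valid_before: int) -> str:
    """Assemble a ssh-ed25519-cert-v01@openssh.com blob in OpenSSH's field order.
    Public key and signature are placeholders; a real certificate carries a CA signature."""
    body = (_s(b"ssh-ed25519-cert-v01@openssh.com") + _s(b"\x00" * 32)   # type, nonce
            + _s(b"\x11" * 32)                                            # ed25519 public key (dummy)
            + struct.pack(">Q", 7) + struct.pack(">I", 1)                 # serial, type 1 = user cert
            + _s(key_id.encode())
            + _s(b"".join(_s(p.encode()) for p in principals))            # packed principal list
            + struct.pack(">QQ", valid_after, valid_before)
            + _s(b"") + _s(b"")                                           # critical options, extensions
            + _s(b"")                                                     # reserved
            + _s(_s(b"ssh-ed25519") + _s(b"\x22" * 32))                   # CA signature key (dummy)
            + _s(_s(b"ssh-ed25519") + _s(b"\x33" * 64)))                  # CA signature (dummy)
    return "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(body).decode() + " " + key_id


def parse_cert(line: str) -> dict:
    """Decode the fields a server needs before trusting the certificate for a login."""
    blob = base64.b64decode(line.split()[1])
    pos = 0

    def rd_s() -> bytes:
        nonlocal pos
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        val = blob[pos:pos + n]
        pos += n
        return val

    def rd_int(fmt: str) -> int:
        nonlocal pos
        (v,) = struct.unpack_from(fmt, blob, pos)
        pos += struct.calcsize(fmt)
        return v

    cert = {"type": rd_s().decode()}
    rd_s(); rd_s()                                   # skip nonce and public key
    cert["serial"] = rd_int(">Q")
    cert["cert_type"] = rd_int(">I")                 # 1 = user, 2 = host
    cert["key_id"] = rd_s().decode()
    packed, principals, p = rd_s(), [], 0
    while p < len(packed):                           # principals are strings packed in a string
        (n,) = struct.unpack_from(">I", packed, p)
        principals.append(packed[p + 4:p + 4 + n].decode())
        p += 4 + n
    cert["principals"] = principals
    cert["valid_after"] = rd_int(">Q")
    cert["valid_before"] = rd_int(">Q")
    return cert


def check_login(cert: dict, username: str, now: int) -> tuple:
    """Expiry and username controls: a user certificate must be inside its window and must
    list the requested login name as a principal (an empty list means any name, as in sshd)."""
    if cert["cert_type"] != 1:
        return False, "not a user certificate"
    if not (cert["valid_after"] <= now < cert["valid_before"]):
        return False, "outside validity window"
    if cert["principals"] and username not in cert["principals"]:
        return False, f"{username!r} is not an allowed principal"
    return True, "ok"


if __name__ == "__main__":
    t0 = int(time.time())
    line = build_cert("fortipam-launch", ["backup", "deploy"], t0 - 60, t0 + 3600)
    cert = parse_cert(line)
    print(cert["key_id"], cert["principals"])
    print(check_login(cert, "backup", t0), check_login(cert, "root", t0))
```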

1056945- Secret approval via email

An approver can now approve a secret approval request by replying directly to the approval request email, without logging in to FortiPAM.

When a reviewer clicks the Approve or Deny button in the email, a pre-set email template is used for the reviewer to send their response. FortiPAM acts as an email client and fetches the response emails periodically, provided the approval email server settings are configured correctly.

Use of this feature requires configuration of an approval email server in System > Settings.

1078249- Secret GUI improvements

When creating a secret, in the General tab, the following two new tabs have been added. One of these tabs must be selected as part of the secret creation process:

  • To connect to a remote server: Used to create a secret to connect to a remote server.

  • To store a certificate/file: Used to create a secret for storing a certificate or a file.

The remaining secret settings presented in the GUI will change depending on the selection.

1101756- Health checks are supported for Forward type Gateways

Health checks are now supported for Forward type gateways to assist in monitoring the gateway connectivity status.

The status shows on the right pane of the gateway page, the target page, and the secret page where the gateway is used.

1044292- SQL server session log enhancement

A new RPC parameter has been added to the SQL Server session log.

1098271- Web API password changer enhancements

When creating a password changer:

  • A new Web-API type is available.

  • Web Changers and Web Verifiers panes are available, where you can enter a series of HTTP commands: Execute commands that send HTTP requests, and Expect commands that check the response of the preceding Execute command.

  • The Change Auth Mode option has been renamed to Change Password Using.

  • The Verify Auth Mode option has been renamed to Verify Password Using.

  • The Association option in Change Password Using and Verify Password Using has been renamed to Associated Secret.

  • When creating a new web command in the Web Changers or Web Verifiers pane:

    • Type: Execute.

      A request is sent to the server using the configured URL, headers, and query parameters. This initiates actions such as authentication or password change commands.

    • Type: Expect.

      Verifies that the server response meets predefined criteria, such as containing specific strings in the response body or matching expected status codes. If these criteria are not met, the password change process terminates. This step also allows cookie and token extraction to support subsequent requests.

    For the Web API password changer:

    • In Execute:

      • Multi-header input is supported. Previously, only single header input was supported.

      • Body Encoding: FortiPAM decodes the input body fields as XML, JSON, or None when the HTTP POST, PUT, or PATCH method is selected.

    • In Expect:

      • Supports exact-match and regular expression.

      • New Execute Next Command setting with the following options:

        • In Sequence: Linear execution (legacy mode).

        • Jump: Depending on the current result or step, jump to any step by entering the target command number in the password changer process.

      • Expect String In Body has been renamed to Response Body Match and Completion has been renamed to End Web Changing Process.
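
To make the Execute/Expect flow concrete, here is an added example (not FortiPAM's implementation) of a small interpreter for such a command list: Execute sends a request with rendered headers and an encoded body, Expect checks the status code and Response Body Match (exact substring or regular expression), extracts a token for later requests, and then either continues In Sequence, Jumps to a numbered command, or Ends the process. The target API at target.example is a constructed fake, so the script runs offline.

```python
"""Added example (not FortiPAM's implementation): an interpreter for the Execute/Expect
command list that a Web API password changer walks through, with exact or regex Response
Body Match, token extraction into later requests, In Sequence versus Jump flow, and the
End Web Changing Process flag. The target API (target.example) is a constructed fake."""
import json
import re
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Execute:
    method: str
    url: str
    headers: dict = field(default_factory=dict)   # multi-header input
    body: Optional[dict] = None
    encoding: str = "JSON"        # Body Encoding: JSON, or None (key=value pairs here; an assumption)

@dataclass
class Expect:
    status: int = 200
    body_match: Optional[str] = None     # Response Body Match
    regex: bool = False                  # False = exact substring, True = regular expression
    extract: dict = field(default_factory=dict)  # variable name -> regex with one capture group
    jump: Optional[int] = None           # Execute Next Command: None = In Sequence, n = Jump to n
    end: bool = False                    # End Web Changing Process

def render(text: str, ctx: dict) -> str:
    """Fill {name} placeholders with values extracted by earlier Expect commands."""
    return re.sub(r"\{(\w+)\}", lambda m: ctx.get(m.group(1), m.group(0)), text)

def run_changer(commands: list, send: Callable, ctx: dict):
    """Walk the 1-based command list. Returns (succeeded, trace of what happened)."""
    trace, i, last = [], 0, (0, "")      # an Expect before any Execute fails on status 0
    while i < len(commands):
        cmd, n = commands[i], i + 1
        if isinstance(cmd, Execute):
            body = {k: render(str(v), ctx) for k, v in (cmd.body or {}).items()}
            payload = json.dumps(body) if cmd.encoding == "JSON" else "&".join(f"{k}={v}" for k, v in body.items())
            headers = {k: render(v, ctx) for k, v in cmd.headers.items()}
            last = send(cmd.method, render(cmd.url, ctx), headers, payload)
            trace.append(f"{n}: {cmd.method} {cmd.url} -> {last[0]}")
            i += 1
            continue
        status, rbody = last
        body_ok = cmd.body_match is None or (
            re.search(cmd.body_match, rbody) if cmd.regex else cmd.body_match in rbody)
        if status != cmd.status or not body_ok:      # criteria not met: the process terminates
            trace.append(f"{n}: expect failed (status {status}, body {rbody!r}); abort")
            return False, trace
        for name, pattern in cmd.extract.items():
            m = re.search(pattern, rbody)
            if not m:
                trace.append(f"{n}: could not extract {name}; abort")
                return False, trace
            ctx[name] = m.group(1)                   # token/cookie reused by later requests
        trace.append(f"{n}: expect ok")
        if cmd.end:
            return True, trace
        i = cmd.jump - 1 if cmd.jump else i + 1
    return False, trace                              # no End Web Changing Process reached

def fake_target(method, url, headers, body):
    """Constructed stand-in for the target's REST API: login issues a bearer token,
    PATCH on the account requires it. Returns (status, response body)."""
    if method == "POST" and url.endswith("/login"):
        ok = json.loads(body).get("password") == "old-pw"
        return (200, '{"access_token":"tok-123"}') if ok else (401, '{"error":"bad credentials"}')
    if method == "PATCH" and url.endswith("/users/svc-backup"):
        ok = headers.get("Authorization") == "Bearer tok-123"
        return (200, '{"result":"password updated"}') if ok else (403, '{"error":"forbidden"}')
    return 404, "{}"

CHANGE = [                                # command numbers 1..4, as in the Web Changers pane
    Execute("POST", "https://target.example/api/login", body={"user": "svc-backup", "password": "{old}"}),
    Expect(200, extract={"token": r'"access_token":"([^"]+)"'}),
    Execute("PATCH", "https://target.example/api/users/svc-backup",
            headers={"Authorization": "Bearer {token}"}, body={"password": "{new}"}),
    Expect(200, body_match=r"password (updated|changed)", regex=True, end=True),
]
VERIFY = [                                # Jump: a good login skips command 3 and ends at command 4
    Execute("POST", "https://target.example/api/login", body={"user": "svc-backup", "password": "{pw}"}),
    Expect(200, jump=4),
    Expect(200, body_match="never reached", end=True),
    Expect(200, body_match="access_token", end=True),
]

def change_password(old: str, new: str):
    return run_changer(CHANGE, fake_target, {"old": old, "new": new})

def verify_password(pw: str):
    return run_changer(VERIFY, fake_target, {"pw": pw})
```

A failed Expect aborts the run with the offending status and body in the trace, which is the information an operator needs when a changer stops partway through.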

1063215- HTTP PATCH method for the Web API password changer

FortiPAM supports HTTP PATCH requests in the Web API password changer.

User/Group

957802- Force checkout

If a secret has been checked out by a user and the secret is not launched, another user can force-check out the secret.

A new Force Checkout Idle time field is available when Requires Checkout is enabled for a secret.

Note that the Force Checkout Idle time field can only be set up when both Proxy Mode and Session Recording are already enabled.

Force checkout works for all the users that can access a secret.

A user can force checkout a secret when the current user who has checked out the secret does not have an active launch session for at least the time set in the Force Checkout Idle time field.

1054962- Show user logs in the user details page

When editing a user, new Config & Login Logs and Secret Access Logs tabs are available.

The Config & Login Logs and Secret Access Logs tabs show related user log information.

1061622- Third-party authenticators are supported for user login

You can now select Third-party authenticator as the method of two-factor authentication when creating or editing a user in FortiPAM.

Common third-party authenticators are supported, including Google Authenticator, Microsoft Authenticator, SafeAuth Authenticator, and others that compute the token with a standard SHA-based algorithm.

When configuring a user with Two-Factor Authentication enabled, you can select Third-Party Authenticator in the method dropdown. A random shared seed is generated for each user who uses this method. Administrators can send this shared key to the user as a QR code by email. Users scan the QR code with their own authenticator app (for example, Google or Microsoft) to generate the one-time password for login.

Options to view, renew and resend the QR code can be accessed when editing the user in the FortiPAM GUI.
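
To show what the shared seed and QR code carry, here is an added example (not FortiPAM code) of the standard SHA-based scheme these authenticators implement: RFC 6238 TOTP on top of RFC 4226 HOTP, the otpauth:// URI that the QR code encodes, and a verifier that tolerates a little clock drift and compares codes in constant time. The seed is the RFC 6238 test seed and the account name is constructed; FortiPAM generates a random seed per user.

```python
"""Added example (not FortiPAM code): how a standard SHA-based authenticator app turns
the shared seed that FortiPAM hands out via QR code into a one-time password, and how
the verifying side checks it (RFC 6238 TOTP over RFC 4226 HOTP)."""
import base64
import hashlib
import hmac
import struct
import time
import urllib.parse


def hotp(secret: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238: the HOTP counter is the number of whole time steps since the Unix epoch."""
    return hotp(secret, at // step, digits, algo)


def provisioning_uri(secret: bytes, account: str, issuer: str = "FortiPAM") -> str:
    """The otpauth:// URI a QR code carries; authenticator apps import the base32 seed from it."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = urllib.parse.quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={b32}&issuer={issuer}&algorithm=SHA1&digits=6&period=30"


def verify(secret: bytes, code: str, at: int, window: int = 1, step: int = 30) -> bool:
    """Verifier side: accept the current step plus `window` steps either side to absorb
    clock drift, and compare in constant time so a partial match leaks nothing."""
    if len(code) != 6 or not code.isdigit():
        return False
    return any(hmac.compare_digest(hotp(secret, at // step + k), code)
               for k in range(-window, window + 1))


if __name__ == "__main__":
    seed = b"12345678901234567890"   # RFC 6238 test seed; FortiPAM generates a random seed per user
    print(provisioning_uri(seed, "alice@example.com"))   # constructed account name
    now = int(time.time())
    code = totp(seed, now)
    print("code:", code, "accepted:", verify(seed, code, now))
```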

1095266- User profile menu added to the banner

A new User Profile option has been added to the Admin menu in the FortiPAM banner. The User Profile menu displays information about the user's username, last login time, last login IP, last failed login, and email address. Users can use the User Profile menu to edit the email address that is associated with their profile.

1097981- Viewing a user's related secrets and secret logs

Administrators can view a list of all of the secrets that a user can access, including the secret name, folder name, target, account, and permissions in a new Secret List tab when editing a user. With additional permissions enabled, the administrator can also view/edit secret details, and view secret logs.

System/Log

1097958- FortiPAM Multiple language support

Beginning in FortiPAM 1.5.0, the FortiPAM GUI supports multiple languages, including:

  • English

  • French

  • Spanish

  • German

  • Portuguese

  • Japanese

  • Chinese (Simplified)

  • Chinese (Traditional)

  • Korean

Administrators can configure the language setting for new or existing users when creating or editing a user.

Users can change their own language preferences at any time using the language dropdown in the banner.

913200- Send videos to external storage through SFTP

FortiPAM 1.5.0 includes a new option to send videos to external storage.

When remote video storage is enabled, video files for recorded sessions are moved to the configured remote server once a storage threshold is met, which avoids large disk space requirements for video storage on FortiPAM. Videos are sent to the external storage over the SFTP protocol.

1071941- Support PAC file for the extension

FortiPAM now supports the system proxy when applying a web proxy to the FortiPAM extension.

A new PAC Rule Url field is available in the Advanced tab in System > Settings, where you provide the PAC script URL. Local FortiPAM settings take precedence over PAC script settings.

964887, 924029- Graphical view in Log & Report

FortiPAM now displays a graphical summary view for Secret Event & Video and Security Event in Log & Report.

1071009- Floating license support

FortiPAM 1.5.0 introduces support for a floating license model for both new and existing FortiPAM units (VMs only).

The floating license is primarily intended for the HA setup.

Previously, if the primary and the secondary FortiPAM unit each held 50 user seats, the total number of seats for the entire cluster was capped at 50.

With the FortiPAM 1.5.0 floating license, if the primary and the secondary unit each have 50 user seats, the HA cluster supports up to 100 user seats in total. If the primary unit goes offline, there is a grace period of up to 7 days to restore it. After the 7-day grace period, if the primary unit is still down, the administrator must reduce the number of active users on the secondary unit to match its license capacity.

For instance, if the cluster has 70 active users when the primary is offline, the administrator must disable 20 users after the grace period of 7 days has elapsed to stay within the license limit of the secondary FortiPAM unit.

When the primary FortiPAM unit is back online, the disabled users are reinstated automatically.

The floating license model is only available on FortiPAM VM instances.

878459, 1068247- New setup wizard

The FortiPAM setup wizard gathers all the essential settings needed to set up FortiPAM from scratch and provides useful information to new users.

To access the setup wizard, go to System > Setup Wizard.

Others

1104270- FortiPAM integration with Terraform

FortiPAM supports secret and folder ID parsing, and secret field filtering, for the Terraform integration.

The FortiPAM Terraform provider can better support resource management including creating/updating/importing/deleting operations on the target FortiPAM.

Currently, the FortiPAM Terraform provider supports folder and secret resource management.

The FortiPAM Terraform Registry is available here:

https://registry.terraform.io/providers/fortinetdev/fortipam/latest

1078424- FortiPAM on Alibaba Cloud

FortiPAM now supports Alibaba Cloud virtualization software.

For information on installing FortiPAM on Alibaba Cloud, see the latest FortiPAM Alibaba Cloud Administration Guide.

1106254- FortiPAM on Proxmox

FortiPAM now supports the Proxmox virtual environment.
