IAM User Model

The IAM User Model uses portal-based permission profiles to manage user access and asset permissions.

A master user (Account Owner) who creates the FortiCloud account can access the IAM portal. IAM users have access to the FortiPhish portal based on the permissions set by the master user for the IAM portal. Sub users cannot access the IAM portal.

IAM user types

FortiPhish supports the following IAM user types.

  • IAM Users: IAM users can access FortiPhish with a FortiCloud account. Each IAM account requires an Account ID/Alias, User Name, and password to log in to a portal. Administrators can assign permission profiles to an IAM user or to an IAM user group.

    For information on creating and managing IAM users, see IAM Users.

  • API Users: API users can access FortiPhish through the API. API users can only use OAuth 2.0 for authentication to access web service APIs. API user IDs and passwords are generated by the IAM service portal. One FortiCloud account can have multiple API users. The IAM service administrator can define the user's permissions.

    For information on creating and managing API users, see API Users.

  • External IdP roles: External IdP roles allow external users to log in to a cloud portal using their organization’s ID provider. External IdP roles are authenticated with a custom login page. After the user is authenticated, they are redirected to a jump page where they can select the cloud portal(s) assigned to their account.

    For information on enrolling for and configuring external IdP, see External IdP. For information on creating and managing external IdP roles, see External IdP roles.

IAM user roles

FortiPhish supports the following IAM user roles.

IAM User Role    Permissions
Admin            Read/Write access to all user records under the same account, excluding domain records.
Read/Write       Read/Write access to user's own records.
Read Only        Read access to master user records under the same account.
