Fortinet white logo
Fortinet white logo

Local authentication

Local authentication

You can add, update, and delete local authentication settings.

Add local authentication settings

  1. Select local from the Auth Server Settings dropdown menu.
  2. Right-click in the local authentication table and select Create New.
  3. Enter values in the relevant fields. See Local authentication fields.
  4. Select Save.

Update local authentication settings

  1. Select local from the Auth Server Settings dropdown menu.
  2. Right-click a local user and select Edit.
  3. Update the values that you want to change.
  4. Select Save.

Delete local authentication settings

  1. Select local from the Auth Server Settings dropdown menu.
  2. Right-click a local user and select Delete.
  3. Select Yes in the confirmation dialog box to delete the local user.

Local authentication fields

The Create New Local User and Edit Local User dialogs contain the following fields:

Settings

Guidelines

Name

Required. Enter the name of the local user.

Auth Concurrent Override

Enable or disable overriding the number of concurrent firewall use logins from the same user.

Auth Concurrent Value

The maximum number of concurrent logins permitted from the same user.

Auth Timeout

The number of minutes before the authentication timeout for a user is reached.

Email-To

Two-factor recipientʼs email address.

FortiToken

Two-factor recipientʼs FortiToken serial number.

Id

Local user ID.

LDAP Server

The name of the LDAP server with which the user must authenticate.

Password

Local userʼs password.

Password Policy

Password policy to apply to this user.

PPK Identity

Specify the Post-quantum Preshared Key (PKK) Identity for successful validation of PPK credentials in dynamic VPNs with peertype dialup.

PPK Password

IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).

Radius Server

The name of the RADIUS server with which the user must authenticate.

SMS Custom Server

Two-factor recipientʼs SMS server.

SMS Phone

Two-factor recipientʼs mobile phone number.

SMS Server

Send SMS through FortiGuard or other external server.

Status

Enable or disable allowing the local user to authenticate with the FortiGate unit.

TACACS+ Server

The name of the TACACS+ server with which the user must authenticate.

Two-Factor

Disable two-factor authentication or choose which two-factor authentication method is used:

fortitoken—FortiToken

disable—disable

sms—SMS authentication code.

email—Email authentication code.

Type

Required. Select the authentication method.

password—Password authentication.

ldap—LDAP server authentication.

tacacs+—TACACS+ server authentication.

radius—RADIUS server authentication.

Workstation

If you want to limit the user to authenticate only from a particular workstation, enter the name of the remote user workstation

Local authentication

Local authentication

You can add, update, and delete local authentication settings.

Add local authentication settings

  1. Select local from the Auth Server Settings dropdown menu.
  2. Right-click in the local authentication table and select Create New.
  3. Enter values in the relevant fields. See Local authentication fields.
  4. Select Save.

Update local authentication settings

  1. Select local from the Auth Server Settings dropdown menu.
  2. Right-click a local user and select Edit.
  3. Update the values that you want to change.
  4. Select Save.

Delete local authentication settings

  1. Select local from the Auth Server Settings dropdown menu.
  2. Right-click a local user and select Delete.
  3. Select Yes in the confirmation dialog box to delete the local user.

Local authentication fields

The Create New Local User and Edit Local User dialogs contain the following fields:

Settings

Guidelines

Name

Required. Enter the name of the local user.

Auth Concurrent Override

Enable or disable overriding the number of concurrent firewall use logins from the same user.

Auth Concurrent Value

The maximum number of concurrent logins permitted from the same user.

Auth Timeout

The number of minutes before the authentication timeout for a user is reached.

Email-To

Two-factor recipientʼs email address.

FortiToken

Two-factor recipientʼs FortiToken serial number.

Id

Local user ID.

LDAP Server

The name of the LDAP server with which the user must authenticate.

Password

Local userʼs password.

Password Policy

Password policy to apply to this user.

PPK Identity

Specify the Post-quantum Preshared Key (PKK) Identity for successful validation of PPK credentials in dynamic VPNs with peertype dialup.

PPK Password

IKEv2 Postquantum Preshared Key (ASCII string or hexadecimal encoded with a leading 0x).

Radius Server

The name of the RADIUS server with which the user must authenticate.

SMS Custom Server

Two-factor recipientʼs SMS server.

SMS Phone

Two-factor recipientʼs mobile phone number.

SMS Server

Send SMS through FortiGuard or other external server.

Status

Enable or disable allowing the local user to authenticate with the FortiGate unit.

TACACS+ Server

The name of the TACACS+ server with which the user must authenticate.

Two-Factor

Disable two-factor authentication or choose which two-factor authentication method is used:

fortitoken—FortiToken

disable—disable

sms—SMS authentication code.

email—Email authentication code.

Type

Required. Select the authentication method.

password—Password authentication.

ldap—LDAP server authentication.

tacacs+—TACACS+ server authentication.

radius—RADIUS server authentication.

Workstation

If you want to limit the user to authenticate only from a particular workstation, enter the name of the remote user workstation