FortiPortal concepts
Sites
- An organization can have multiple sites.
- A site is a logical grouping of devices (independent of which FortiManager manages the device).
- Devices are FortiGate, FortiSwitch, or FortiAP devices.
Remote authentication
You can choose remote authentication of admin and organization users. Remote authentication provides a choice of FortiAuthenticator, RADIUS, or single sign-on (SSO). The remote authentication method may be overridden at the organization level.
If you set the authentication mode to remote, all user management functions reside with the remote system. FortiPortal user management capabilities (add/modify/delete users, reset password, change password) are blocked, as these apply only to local users.
For additional information regarding FortiAuthenticator, refer to the FortiAuthenticator product documentation.
Trusted and blocked hosts
If you are using local user authentication, you can use the trusted and blocked hosts capability as an added level of security.
Enable the blocked hosts feature to enforce a configurable blocklist for all admin and users.
Enable trusted hosts in organization settings and create an allowlist of trusted hosts for each organization user.
For an organization with trusted hosts enabled, the system also enforces the global blocklist for the users.