Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.2.12 Administration Guide
    7.2.12
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    User Groups

    User Groups

    A user group is a list of user identities. An identity can be one of the following:

    • a local user account (user name and password) stored on the Fortinet unit

    • a local user account with a password stored on a RADIUS, LDAP, or TACACS+ server

    • a RADIUS, LDAP, or TACACS+ server (all identities on the server can authenticate)

    • a user or user group defined on a Directory Service server

    There are four types of user groups:

    • Firewall

    • Fortinet Single Sign-On (FSSO)

    • RADIUS Single Sign-On (RSSO)

    • Guest

    For each resource that requires authentication, you specify which user groups are permitted access. You need to determine the number and membership of user groups appropriate to your authentication needs.

    Users that are associated with multiple groups have access to all services within those user groups. This access is only available in the CLI with the auth-multi-group command, which is enabled by default. This feature checks all groups a user belongs to for firewall authentication.

    To configure user groups, go to User & Authentication > User Groups.

    Note

    The SSO_Guest_Users group is an FSSO group that FortiProxy automatically creates for FSSO users that do not belong to any FSSO groups monitored by the collector agent. This group is read-only, which means you cannot add or delete users in the group.

    If a policy is configured to allow the SSO_Guest_Users group, users that fall in this group will be granted access without authentication by default. You can configure FortiProxy to block access from such users using the following command:

    config web-proxy explicit

    set strict-guest enable

    end

    Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

    The following options are available:

    Create New

    Create a user group. See Create or edit a user group.

    Edit

    Edit a user group. See Create or edit a user group.

    Clone

    Make a copy of a user group.

    Delete

    Delete a group or groups.

    Search

    Enter a search term to search the user group list.

    Group Name

    The name of the user group.

    Group Type

    The type of group: Firewall, Fortinet Single Sign-On (FSSO), RADIUS Single-Sign-On (RSSO), or Guest.

    Members

    The names of the members in the group.

    Ref.

    Displays the number of times the object is referenced to other objects.

    To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.
    Previous
    Next

    User Groups

    User Groups

    A user group is a list of user identities. An identity can be one of the following:

    • a local user account (user name and password) stored on the Fortinet unit

    • a local user account with a password stored on a RADIUS, LDAP, or TACACS+ server

    • a RADIUS, LDAP, or TACACS+ server (all identities on the server can authenticate)

    • a user or user group defined on a Directory Service server

    There are four types of user groups:

    • Firewall

    • Fortinet Single Sign-On (FSSO)

    • RADIUS Single Sign-On (RSSO)

    • Guest

    For each resource that requires authentication, you specify which user groups are permitted access. You need to determine the number and membership of user groups appropriate to your authentication needs.

    Users that are associated with multiple groups have access to all services within those user groups. This access is only available in the CLI with the auth-multi-group command, which is enabled by default. This feature checks all groups a user belongs to for firewall authentication.

    To configure user groups, go to User & Authentication > User Groups.

    Note

    The SSO_Guest_Users group is an FSSO group that FortiProxy automatically creates for FSSO users that do not belong to any FSSO groups monitored by the collector agent. This group is read-only, which means you cannot add or delete users in the group.

    If a policy is configured to allow the SSO_Guest_Users group, users that fall in this group will be granted access without authentication by default. You can configure FortiProxy to block access from such users using the following command:

    config web-proxy explicit

    set strict-guest enable

    end

    Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

    The following options are available:

    Create New

    Create a user group. See Create or edit a user group.

    Edit

    Edit a user group. See Create or edit a user group.

    Clone

    Make a copy of a user group.

    Delete

    Delete a group or groups.

    Search

    Enter a search term to search the user group list.

    Group Name

    The name of the user group.

    Group Type

    The type of group: Firewall, Fortinet Single Sign-On (FSSO), RADIUS Single-Sign-On (RSSO), or Guest.

    Members

    The names of the members in the group.

    Ref.

    Displays the number of times the object is referenced to other objects.

    To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.
    Previous
    Next