Fortinet white logo
Fortinet white logo

CLI Reference

config user group

config user group

Configure user groups.

config user group
    Description: Configure user groups.
    edit <name>
        set id {integer}
        set group-type [firewall|fsso-service|...]
        set auth-concurrent-override [enable|disable]
        set auth-concurrent-value {integer}
        set http-digest-realm {string}
        set sso-attribute-value {string}
        set logic-type [or|and]
        set member <name1>, <name2>, ...
        config match
            Description: Group matches.
            edit <id>
                set server-name {string}
                set group-name {string}
            next
        end
        set user-id [email|auto-generate|...]
        set password [auto-generate|specify|...]
        set user-name [disable|enable]
        set sponsor [optional|mandatory|...]
        set company [optional|mandatory|...]
        set email [disable|enable]
        set mobile-phone [disable|enable]
        set sms-server [fortiguard|custom]
        set sms-custom-server {string}
        set expire-type [immediately|first-successful-login]
        set expire {integer}
        set max-accounts {integer}
        set multiple-guest-add [disable|enable]
        config guest
            Description: Guest User.
            edit <id>
                set user-id {string}
                set name {string}
                set password {password}
                set mobile-phone {string}
                set sponsor {string}
                set company {string}
                set email {string}
                set expiration {user}
                set comment {var-string}
            next
        end
    next
end

config user group

Parameter

Description

Type

Size

Default

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user .

integer

Minimum value: 0 Maximum value: 100

0

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Maximum length: 35

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Maximum length: 511

logic-type

Set the logic between members or matching entries.

option

-

or

Option

Description

or

Logic OR between members or match entries.

and

Logic AND between members or match entries.

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

user-id

Guest user ID type.

option

-

email

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

password

Guest user password type.

option

-

auto-generate

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

user-name

Enable/disable the guest user name entry.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

company

Set the action for the company guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

Option

Description

disable

Enable setting.

enable

Disable setting.

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sms-custom-server

SMS server.

string

Maximum length: 35

expire-type

Determine when the expiration countdown begins.

option

-

immediately

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

expire

Time in seconds before guest user accounts expire .

integer

Minimum value: 1 Maximum value: 31536000

14400

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 1024

0

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

config match

Parameter

Description

Type

Size

Default

server-name

Name of remote auth server.

string

Maximum length: 35

group-name

Name of matching user or group on remote authentication server.

string

Maximum length: 511

config guest

Parameter

Description

Type

Size

Default

user-id

Guest ID.

string

Maximum length: 64

name

Guest name.

string

Maximum length: 64

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Maximum length: 35

sponsor

Set the action for the sponsor guest user field.

string

Maximum length: 35

company

Set the action for the company guest user field.

string

Maximum length: 35

email

Email.

string

Maximum length: 64

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Maximum length: 255

config user group

config user group

Configure user groups.

config user group
    Description: Configure user groups.
    edit <name>
        set id {integer}
        set group-type [firewall|fsso-service|...]
        set auth-concurrent-override [enable|disable]
        set auth-concurrent-value {integer}
        set http-digest-realm {string}
        set sso-attribute-value {string}
        set logic-type [or|and]
        set member <name1>, <name2>, ...
        config match
            Description: Group matches.
            edit <id>
                set server-name {string}
                set group-name {string}
            next
        end
        set user-id [email|auto-generate|...]
        set password [auto-generate|specify|...]
        set user-name [disable|enable]
        set sponsor [optional|mandatory|...]
        set company [optional|mandatory|...]
        set email [disable|enable]
        set mobile-phone [disable|enable]
        set sms-server [fortiguard|custom]
        set sms-custom-server {string}
        set expire-type [immediately|first-successful-login]
        set expire {integer}
        set max-accounts {integer}
        set multiple-guest-add [disable|enable]
        config guest
            Description: Guest User.
            edit <id>
                set user-id {string}
                set name {string}
                set password {password}
                set mobile-phone {string}
                set sponsor {string}
                set company {string}
                set email {string}
                set expiration {user}
                set comment {var-string}
            next
        end
    next
end

config user group

Parameter

Description

Type

Size

Default

id

Group ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

group-type

Set the group to be for firewall authentication, FSSO, RSSO, or guest users.

option

-

firewall

Option

Description

firewall

Firewall.

fsso-service

Fortinet Single Sign-On Service.

rsso

RADIUS based Single Sign-On Service.

guest

Guest.

auth-concurrent-override

Enable/disable overriding the global number of concurrent authentication sessions for this user group.

option

-

disable

Option

Description

enable

Enable auth-concurrent-override.

disable

Disable auth-concurrent-override.

auth-concurrent-value

Maximum number of concurrent authenticated connections per user .

integer

Minimum value: 0 Maximum value: 100

0

http-digest-realm

Realm attribute for MD5-digest authentication.

string

Maximum length: 35

sso-attribute-value

Name of the RADIUS user group that this local user group represents.

string

Maximum length: 511

logic-type

Set the logic between members or matching entries.

option

-

or

Option

Description

or

Logic OR between members or match entries.

and

Logic AND between members or match entries.

member <name>

Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.

Group member name.

string

Maximum length: 511

user-id

Guest user ID type.

option

-

email

Option

Description

email

Email address.

auto-generate

Automatically generate.

specify

Specify.

password

Guest user password type.

option

-

auto-generate

Option

Description

auto-generate

Automatically generate.

specify

Specify.

disable

Disable.

user-name

Enable/disable the guest user name entry.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sponsor

Set the action for the sponsor guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

company

Set the action for the company guest user field.

option

-

optional

Option

Description

optional

Optional.

mandatory

Mandatory.

disabled

Disabled.

email

Enable/disable the guest user email address field.

option

-

enable

Option

Description

disable

Enable setting.

enable

Disable setting.

mobile-phone

Enable/disable the guest user mobile phone number field.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

sms-server

Send SMS through FortiGuard or other external server.

option

-

fortiguard

Option

Description

fortiguard

Send SMS by FortiGuard.

custom

Send SMS by custom server.

sms-custom-server

SMS server.

string

Maximum length: 35

expire-type

Determine when the expiration countdown begins.

option

-

immediately

Option

Description

immediately

Immediately.

first-successful-login

First successful login.

expire

Time in seconds before guest user accounts expire .

integer

Minimum value: 1 Maximum value: 31536000

14400

max-accounts

Maximum number of guest accounts that can be created for this group (0 means unlimited).

integer

Minimum value: 0 Maximum value: 1024

0

multiple-guest-add

Enable/disable addition of multiple guests.

option

-

disable

Option

Description

disable

Enable setting.

enable

Disable setting.

config match

Parameter

Description

Type

Size

Default

server-name

Name of remote auth server.

string

Maximum length: 35

group-name

Name of matching user or group on remote authentication server.

string

Maximum length: 511

config guest

Parameter

Description

Type

Size

Default

user-id

Guest ID.

string

Maximum length: 64

name

Guest name.

string

Maximum length: 64

password

Guest password.

password

Not Specified

mobile-phone

Mobile phone.

string

Maximum length: 35

sponsor

Set the action for the sponsor guest user field.

string

Maximum length: 35

company

Set the action for the company guest user field.

string

Maximum length: 35

email

Email.

string

Maximum length: 64

expiration

Expire time.

user

Not Specified

comment

Comment.

var-string

Maximum length: 255