CLI Reference

config user group

Configure user groups.

config user group
    Description: Configure user groups.
    edit <name>
        set id {integer}
        set group-type [firewall|fsso-service|...]
        set authtimeout {integer}
        set auth-concurrent-override [enable|disable]
        set auth-concurrent-value {integer}
        set http-digest-realm {string}
        set sso-attribute-value {string}
        set logic-type [or|and]
        set negate [enable|disable]
        set member <name1>, <name2>, ...
        config match
            Description: Group matches.
            edit <id>
                set server-name {string}
                set group-name {string}
            next
        end
        set user-id [email|auto-generate|...]
        set password [auto-generate|specify|...]
        set user-name [disable|enable]
        set sponsor [optional|mandatory|...]
        set company [optional|mandatory|...]
        set email [disable|enable]
        set mobile-phone [disable|enable]
        set sms-server [fortiguard|custom]
        set sms-custom-server {string}
        set expire-type [immediately|first-successful-login]
        set expire {integer}
        set max-accounts {integer}
        set multiple-guest-add [disable|enable]
        config guest
            Description: Guest User.
            edit <id>
                set user-id {string}
                set name {string}
                set password {password}
                set mobile-phone {string}
                set sponsor {string}
                set company {string}
                set email {string}
                set expiration {user}
                set comment {var-string}
            next
        end
    next
end

config user group

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| name | Group name. | string | Maximum length: 35 | |
| id | Group ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| group-type | Set the group to be for firewall authentication, FSSO, RSSO, or guest users. Options: firewall (Firewall.); fsso-service (Fortinet Single Sign-On Service.); rsso (RADIUS based Single Sign-On Service.); guest (Guest.) | option | - | firewall |
| authtimeout | Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout. | integer | Minimum value: 0 Maximum value: 43200 | 0 |
| auth-concurrent-override | Enable/disable overriding the global number of concurrent authentication sessions for this user group. Options: enable (Enable auth-concurrent-override.); disable (Disable auth-concurrent-override.) | option | - | disable |
| auth-concurrent-value | Maximum number of concurrent authenticated connections per user (0 - 100). | integer | Minimum value: 0 Maximum value: 100 | 0 |
| http-digest-realm | Realm attribute for MD5-digest authentication. | string | Maximum length: 35 | |
| sso-attribute-value | Name of the RADIUS user group that this local user group represents. | string | Maximum length: 511 | |
| logic-type | Set the logic between members or matching entries. Options: or (Logic OR between members or match entries.); and (Logic AND between members or match entries.) | option | - | or |
| negate | When enabled, the user group matches any user EXCEPT the specified user group. Options: enable (Enable user group negate.); disable (Disable user group negate.) | option | - | disable |
| member <name> | Names of users, peers, LDAP servers, RADIUS servers or external IdP servers to add to the user group. Group member name. | string | Maximum length: 511 | |
| user-id | Guest user ID type. Options: email (Email address.); auto-generate (Automatically generate.); specify (Specify.) | option | - | email |
| password | Guest user password type. Options: auto-generate (Automatically generate.); specify (Specify.); disable (Disable.) | option | - | auto-generate |
| user-name | Enable/disable the guest user name entry. Options: disable (Disable setting.); enable (Enable setting.) | option | - | disable |
| sponsor | Set the action for the sponsor guest user field. Options: optional (Optional.); mandatory (Mandatory.); disabled (Disabled.) | option | - | optional |
| company | Set the action for the company guest user field. Options: optional (Optional.); mandatory (Mandatory.); disabled (Disabled.) | option | - | optional |
| email | Enable/disable the guest user email address field. Options: disable (Disable setting.); enable (Enable setting.) | option | - | enable |
| mobile-phone | Enable/disable the guest user mobile phone number field. Options: disable (Disable setting.); enable (Enable setting.) | option | - | disable |
| sms-server | Send SMS through FortiGuard or other external server. Options: fortiguard (Send SMS by FortiGuard.); custom (Send SMS by custom server.) | option | - | fortiguard |
| sms-custom-server | SMS server. | string | Maximum length: 35 | |
| expire-type | Determine when the expiration countdown begins. Options: immediately (Immediately.); first-successful-login (First successful login.) | option | - | immediately |
| expire | Time in seconds before guest user accounts expire (1 - 31536000). | integer | Minimum value: 1 Maximum value: 31536000 | 14400 |
| max-accounts | Maximum number of guest accounts that can be created for this group (0 means unlimited). | integer | Minimum value: 0 Maximum value: 1024 | 0 |
| multiple-guest-add | Enable/disable addition of multiple guests. Options: disable (Disable setting.); enable (Enable setting.) | option | - | disable |

config match

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| id | ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| server-name | Name of remote auth server. | string | Maximum length: 35 | |
| group-name | Name of matching user or group on remote authentication server. | string | Maximum length: 511 | |

config guest

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| id | Guest ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| user-id | Guest ID. | string | Maximum length: 64 | |
| name | Guest name. | string | Maximum length: 64 | |
| password | Guest password. | password | Not Specified | |
| mobile-phone | Mobile phone. | string | Maximum length: 35 | |
| sponsor | Set the action for the sponsor guest user field. | string | Maximum length: 35 | |
| company | Set the action for the company guest user field. | string | Maximum length: 35 | |
| email | Email. | string | Maximum length: 64 | |
| expiration | Expire time. | user | Not Specified | |
| comment | Comment. | var-string | Maximum length: 255 | |
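
An added example, not part of the Fortinet reference: a small Python check for a configuration backup or template that reads the `config user group` block, validates integer settings against the ranges documented above, and flags `negate` and unlimited guest groups for review. It tracks nesting depth because keys such as `email`, `password` and `sponsor` exist both at group level and inside `config guest` with different meanings. The function names, group names and sample values are constructed for illustration.

```python
import shlex

# Ranges copied from the parameter tables on this page.
RANGES = {"authtimeout": (0, 43200), "auth-concurrent-value": (0, 100),
          "expire": (1, 31536000), "max-accounts": (0, 1024)}

def parse_groups(text):
    """Return {group: {key: value}} from group-level 'set' lines only."""
    groups, current, depth = {}, None, 0
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1   # nested 'config match' / 'config guest' go to depth 2
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1:
            current = groups.setdefault(tok[1], {})
        elif tok[0] == "set" and depth == 1 and current is not None:
            current[tok[1]] = " ".join(tok[2:])
    return groups

def audit(text):
    """Return (group, finding) pairs: range violations and settings to review."""
    out = []
    for name, cfg in parse_groups(text).items():
        for key, (lo, hi) in RANGES.items():
            val = cfg.get(key)
            if val is not None and not (val.isdigit() and lo <= int(val) <= hi):
                out.append((name, f"{key} {val} outside {lo}-{hi}"))
        if cfg.get("negate", "disable") == "enable":   # documented default: disable
            out.append((name, "negate enabled: matches any user EXCEPT this group"))
        if cfg.get("group-type") == "guest" and cfg.get("max-accounts", "0") == "0":
            out.append((name, "max-accounts 0: unlimited guest accounts"))
    return out

# Constructed sample, not taken from a real device.
SAMPLE = """config user group
    edit "lobby guests"
        set group-type guest
        set expire 63072000
        config guest
            edit 1
                set email "visitor1@example.com"
            next
        end
    next
    edit "not-contractors"
        set negate enable
    next
end"""
```

Calling `audit(SAMPLE)` reports the out-of-range `expire`, the guest group left at the default `max-accounts 0`, and the negated group.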
