User Guide

Manage Users

Once member accounts are added to the OUs, you can create an Organization administrative IAM user that can create and manage IAM users for the Organization OUs.

The process for creating an Organization administrative IAM user is as follows:

  1. Go to the Services > IAM portal.

  2. Create a new permission profile for the Organization administrative IAM user:

    1. Go to Permission Profiles and create a new profile.

    2. Set the type to Organization.

    3. Add the Asset Management, FortiCare and FortiRecon portals. Select either Admin or ReadOnly access for the FortiRecon and FortiCare portals, as required.

    4. Click Submit.

      Note

      MSSP root admin/OU admins should have Admin access for the Recon portal.

    See Permission profiles within Organizations in the Identity & Access Management guide for more information.

  3. Create the Organization administrative IAM user:

    1. Click Add New > IAM User. The User Details pane opens.

    2. Enter the user's details and click Next.

      • Username - Type the username with no spaces. The username specified here will be used to log in.

      • Full Name - Type the user's first and last name.

      • Email - Type the user's email address.

      • Phone - Select the country code from the dropdown, and type the user's phone number.

      • Description - (Optional) Type a description of the user.

    3. Set the type to Organization.

    4. Set the Permission Scope to the Organization.

    5. Select the permission profile created in the previous step.

    6. Verify the details and click Confirm.

    7. Generate an IAM user login password.

      1. Go to IAM Users, and click the full name of the user. The User Profile tab is displayed.

      2. Go to the Security Credentials tab, and click Generate Password. A password reset link is generated.

See Creating users, user groups, and roles within Organizations in the Identity & Access Management guide for more information.

Based on the access type and permission scope provided, the following roles are supported for FortiRecon:

| Role | Description |
|---|---|
| pAdmin | The IAM user with admin access and root organization as permission scope will be the pAdmin. pAdmins have the ability to create and edit organizations within FortiRecon. |
| pUser | The IAM user with read only access and root organization as permission scope will be the pUser. pUsers have a complete view of the organization/OU structure and read only access to the FortiRecon portal. They cannot create or edit organizations. |
| OU Admin | The IAM user with admin access and any OU except root organization as permission scope will be the OU Admin. OU Admins will be admins for the respective organization provisioned under their OU. |
| OU User | The IAM user with read only access and any OU except root organization as permission scope will be the OU User. OU Users have read only access and can view the organization/OU structure, but they will not be redirected to the FortiRecon portal unless their access is provisioned by a pAdmin or OU Admin. |
| Root account user | Only root account users will be able to enable or disable other IAM users by updating user profiles in FortiCare. |

The root account user must share the following details with the IAM user:

  • Account ID - the Account ID of the root account user where IAM is added

  • Username - the IAM username provided during user creation

  • Password reset link

If the IAM user is logging in for the first time, email verification is required.
