Administrators
Use the Administrators menu to configure administrator user accounts.
Users whose Admin Profile does not have Read Write privilege under System > Admin access can only view and edit their own information.
Only the default admin account can see and access that account. Other users cannot see the default admin account in the GUI.
The following options are available:
Create New |
Create a new administrator account. |
Edit |
Edit the selected administrator account. |
Delete |
Delete the selected administrator account. |
Test Login |
Test the selected LDAP/RADIUS administrator account's login settings. A detailed debug message display any errors. |
The following information is displayed:
Name |
Administrator account name. |
Type |
Administrator type:
|
Profile |
The Admin Profile the user belongs to. |
To create a new user:
- Log in as a user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
- Click Create New.
- Configure the following and click OK.
Administrator
Name of the administrator account. The administrator name must be 1 to 30 characters using uppercase letters, lowercase letters, numbers, or the underscore character (_).
This field is only available when Type is Local.
Password of the account. The password must be 6 to 64 characters using uppercase letters, lowercase letters, numbers, or special characters.
Email Address
Email address for contact information.
Phone Number
Phone number for contact information. Phone number must start with +1.
Admin Profile
Select the Admin Profile for the user: Super Admin, Read Only, or Device.
Assigned Devices
Assign devices and/or VDOMs/Protected Domains to the user. This applies if you enable Device User.
Click in the Assigned Devices box to display the Available Devices panel which lists all available devices and VDOMs/Protected Domains. Use this panel to select or add devices.
Type
Select administrator type.
LDAP
When Type is LDAP, select the LDAP Server. For more information, see LDAP Servers.
RADIUS
When Type is RADIUS, select the RADIUS Server. For more information, see RADIUS Servers.
LDAP WILDCARD
When Type is LDAP WILDCARD, select the LDAP Server. The Administrator is LDAP_WILDCARD and cannot be edited. For more information, see Wildcard Admin Authentication.
RADIUS WILDCARD
When Type is RADIUS WILDCARD, select the Radius Server. The Administrator is RADIUS_WILDCARD and cannot be edited. For more information, see Wildcard Admin Authentication.
Device User
Enable this option to assign devices to the user. When the user logs in, only jobs belonging to the assigned devices or VDOMs/Protected Domains are visible.
You can create device groups in System > Device Groups and then assign them to a device user.
You can also assign devices on the fly by selecting self assigned in the Device Group dropdown list.
Two-factor Authentication
When administrator Type is Local, you can use two-factor authentication. Select an Authentication Type of Email, SMS, or FTM (FortiTokenMobile).
Two-factor Authentication is only available for FortiSandbox appliances, not for FortiSandbox VM.
Default On-Demand Submit settings
This option is available to administrators whose Administrator Profile > Scan Input has Read Write access.
Use this option to set the default settings in Scan Input > File On-Demand and URL On-Demand. Each administrator can have their own default settings.
For information on these settings, see File On-Demand and URL On-Demand.
Restrict login to trusted host
Expand to configure trusted hosts.
Trusted Host 1, Trusted Host 2, Trusted Host 3
Enter up to three IPv4 trusted hosts. Only users from trusted hosts can access FortiSandbox.
Trusted IPv6 Host 1, Trusted IPv6 Host 2, Trusted IPv6 Host 3
Enter up to three IPv6 trusted hosts. Only users from trusted hosts can access FortiSandbox.
Comments
Optional description comment for the administrator account.
Language
GUI language for the user: English, Japanese, or French.
To edit a user account:
- Login as an user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
- Select the user you want to edit and click Edit.
Only the admin account can edit its own settings.
When editing the admin account, you must enter the old password before you can set a new password.
- Edit the account and then retype the new password in the confirmation field.
- Click OK.
To test LDAP/RADIUS user login:
- Login as an user whose Admin Profile has Read/Write privileges under System > Admin access, and go to System > Administrators.
- Select an LDAP/RADIUS user to test.
- Click Test Login.
- In the dialog box, enter the user's password.
- Click OK.
If an error occurs, a detailed debug message appears.
When a remote RADIUS server is configured for two-factor authentication, RADIUS users must enter a FortiToken pin code or the code from email/SMS. For example, after the user clicks Login, the user must enter the code, and click Submit to complete the login.
A pin code is also needed to test login.