Adding a secondary account

You can create a secondary account for FortiSOAR Cloud. A secondary account allows the Fortinet support team to troubleshoot the FortiSOAR Cloud deployment. You can add a secondary account using Identity & Access Management (IAM) or FortiCare or by setting up External IdP roles. IAM is a service to help you control access to FortiSOAR Cloud portals and assets. You can use the portal to manage users, authentication credentials, and asset permissions.

Tooltip

Organizational Units (OUs) are visible only to IAM users and not to secondary users added using FortiCare.

Adding a secondary account using IAM

  1. Log in to https://support.fortinet.com/.
  2. Navigate to Services > IAM.
  3. Before you can create IAM users, you must create permission profiles. Permission profiles define the level of portal access and permissions a user has. Permission profiles allow you to explicitly enable or disable access to FortiSOAR Cloud portals and grant portal-specific permissions for the enabled portals. To create permission profiles, do the following:
    1. Click the Permission Profiles menu item on the IAM portal.
    2. Click Add New to display the New Portal Permission Profile page:
      1. In the Basic Info section, add the required information to create the permission profile as per your requirements. For information on creating permission profiles, see the FortiCloud Account Services Identity & Access Management documentation.
      2. Click Add Portal to display the Add These Portals To My Account pop-up. Use this pop-up to assign portal permissions to the user. You can assign permissions such as Asset Management, FortiCare, FortiSOAR Cloud, IAM, etc. Then click Add.
      3. In the Permissions Profile section, select the access type you want to assign to the user for the selected permission profiles, and click Submit.
        This adds the permission profile, which can then be assigned to users.
  4. Click the Users menu item on the IAM portal, and then select Add New > IAM User:
    1. On the IAM User page, add the details of the user to create a new IAM user, and then click Next.
    2. On the User Permissions page, assign the IAM user the appropriate permission type, scope, profile, etc., and then click Next.
  5. Click Confirm to complete the user creation process.
  6. On the Successful User Registration page, click Generate Password to generate a reset password link for the user to log in.

    Regenerating the password renders the previous password invalid and expires in 5 days.
  7. Navigate to https://support.fortinet.com/.
  8. Click the IAM Login tab.
  9. Enter your account ID, username, and new (regenerated) password, and click Log in.
  10. Once you have successfully logged in, select Services > FortiSOAR Cloud to start working in FortiSOAR Cloud.

Adding a secondary account using FortiCare

  1. Log in to https://support.fortinet.com/.
  2. Click the user profile in the top-left corner and click My Account to display the Account Profile page.
  3. Click Manage User.
  4. Click the new user icon to add a new user.
  5. When creating an account for the Fortinet support team, specify an email for the secondary account and select Full Access or Limit Access.
    A user with 'Full Access' has the same access level as a primary account user. A user with 'Limited Access' can only manage the assigned product serial number and will be unable to receive renewal notices or create additional secondary account users.
  6. Log in to https://support.fortinet.com/. In the FortiSOAR Cloud section, you will see an account listed as a secondary member.
  7. Click the entry to expand the view.

Note

A secondary account can access the portal thirty days after it expires.

To modify a secondary account:

Note

The new user must log in to FortiSOAR Cloud for the account to be displayed in the FortiSOAR instance. When a new user logs in to their account, they are automatically assigned Admin roles on FortiSOAR if they are added as 'Full Access' users in FortiCare, and the SOC Analyst role on FortiSOAR if they are added as 'Limit Access' users in FortiCare.

The primary user or a super user can update user accounts, for example to change the user permissions, phone numbers, etc., as follows:

  1. Use the primary or super user credentials to log in to https://support.fortinet.com/.
  2. Click My Account > Manage Users.
    The Manage User page displays a list of users.
  3. Click the user whose account you want to modify to display the User Details page.
  4. On the User Details page, click Edit.
  5. On the Edit User page, modify the user account as required and click Save. For example, change the Permissions from 'Full Access' to 'Limit Access'.

Setting up External IdP roles

External IdP roles allow external users to log in to a cloud portal using their company’s user credentials with a third-party ID provider. The company's ID provider verifies the identity of external IdP users. Following authentication, users can access the cloud application according to their role.

In brief, the process to set up External IdP roles is as follows:

  1. Send an enrollment request to forticloud-enroll-extidp@fortinet.com.
  2. The enrollment request will be reviewed and approved by the FortiCloud team.
  3. Once the enrollment request is approved, the External IdP will be configured and linked to the appropriate FortiCloud accounts by the FortiCloud FAC and Customer Ops teams.

For more information on External IdP, see the External IdP roles topic in the Identity & Access Management (IAM) guide of the FortiCloud Account Services documentation.

Once the External IdP integration is complete, log in to FortiCloud and ensure that the defined External IdP role has access permissions in the FortiSOAR Cloud's Permissions Profile section of the IAM portal.

Additionally, note that after logging into FortiCloud, you are directed to the Asset Management portal, from which you can access the FortiSOAR Cloud portal using the same External IdP user access.
