Adding a secondary account
You can create a secondary account for FortiSOAR Cloud. A secondary account allows the Fortinet support team to troubleshoot the FortiSOAR Cloud deployment. You can add a secondary account using Identity & Access Management (IAM) or FortiCare or by setting up External IdP roles. IAM is a service to help you control access to FortiSOAR Cloud portals and assets. You can use the portal to manage users, authentication credentials, and asset permissions.
Organizational Units (OUs) are visible only to IAM users and not to secondary users added using FortiCare.
Adding a secondary account using IAM
- Log in to https://support.fortinet.com/.
- Navigate to Services > IAM.
- Before you can create IAM users, you must create permission profiles. Permission profiles define the level of portal access and permissions a user has. Permission profiles allow you to explicitly enable or disable access to FortiSOAR Cloud portals and grant portal-specific permissions for the enabled portals. To create permission profiles, do the following:
  - Click the Permission Profiles menu item on the IAM portal.
  - Click Add New to display the New Portal Permission Profile page.
  - In the Basic Info section, add the required information to create the permission profile as per your requirements. For information on creating permission profiles, see the FortiCloud Account Services Identity & Access Management documentation.
  - Click Add Portal to display the Add These Portals To My Account pop-up. Use this pop-up to assign portal permissions to the user. You can assign the following permissions: Asset Management, FortiCare, FortiSOAR Cloud, IAM, etc. Then click Add.
  - In the Permissions Profile section, select the access type you want to assign to the user for the selected permission profiles, and click Submit.
    This adds the permission profile that can be assigned to users.
- Click the Users menu item on the IAM portal, and then select Add New > IAM User:
  - On the IAM User page, add the details of the user to create a new IAM user, and then click Next.
  - On the User Permissions page, assign the IAM user the appropriate permission type, scope, profile, etc., and then click Next.
- Click Confirm to complete the user creation process.
- On the Successful User Registration page, click Generate Password to generate a reset password link for the user to log in.
  Regenerating the password renders the previous password invalid and expires in 5 days.
- Navigate to https://support.fortinet.com/.
- Click the IAM Login tab.
- Enter your account ID, username, and new (regenerated) password, and click Log in.
- Once you have successfully logged in, select Services > FortiSOAR Cloud to start working in FortiSOAR Cloud.
Adding a secondary account using FortiCare
- Log in to https://support.fortinet.com/.
- Click the user profile in the top-left corner and click My Account to display the Account Profile page.
- Click Manage User.
- Click the new user icon to add a new user.
- When creating an account for the Fortinet support team, specify an email for the secondary account and select Full Access or Limit Access.
  A user with 'Full Access' has the same access level as a primary account user. A user with 'Limited Access' can only manage the assigned product serial number and will be unable to receive renewal notices or create additional secondary account users.
- Log in to https://support.fortinet.com/. In the FortiSOAR Cloud section, you will see an account listed as a secondary member.
- Click the entry to expand the view.
A secondary account can access the portal thirty days after it expires.
To modify a secondary account:
The new user must log in to FortiSOAR Cloud for the account to be displayed in the FortiSOAR instance. When a new user logs in to their account, they are automatically assigned Admin roles on FortiSOAR if they are added as 'Full Access' users in FortiCare, and the SOC Analyst role on FortiSOAR if they are added as 'Limit Access' users in FortiCare.
The primary user or a super user can update user accounts, for example, to change the user permissions, phone numbers, etc., as follows:
- Use the primary or super user credentials and log in to https://support.fortinet.com/.
- Click My Account > Manage Users.
  The Manage User page displays a list of users.
- Click the user whose account you want to modify to display the User Details page.
- On the User Details page, click Edit.
- On the Edit User page, modify the user account as required and click Save. For example, change the Permissions from 'Full Access' to 'Limit Access'.
Setting up External IdP roles
External IdP roles allow external users to log in to a cloud portal using their company’s user credentials with a third-party ID provider. The company's ID provider verifies the identity of external IdP users. Following authentication, users can access the cloud application according to their role.
The brief process to set up External IdP roles is as follows:
- Send an enrollment request to forticloud-enroll-extidp@fortinet.com.
- The enrollment request will be reviewed and approved by the FortiCloud team.
- Once the enrollment request is approved, the External IdP will be configured and linked to the appropriate FortiCloud accounts by the FortiCloud FAC and Customer Ops teams.
For more information on External IdP, see the External IdP roles topic in the Identity & Access Management (IAM) guide of the FortiCloud Account Services documentation.
Once the External IdP integration is complete, log in to FortiCloud, and ensure that the defined External IdP role has access permissions in the FortiSOAR Cloud's Permissions Profile section of the IAM portal.
Additionally, note that after logging into FortiCloud, you are directed to the Asset Management portal, from which you can access the FortiSOAR Cloud portal using the same External IdP user access.