Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Admin Guide

    Home 26.1.0 Admin Guide

    Managing users

    Managing users

    Column

    Description

    Checkbox

    This checkbox only applies to users who use FTM for MFA. It enables you to select a user, and then click the NEW FTM TOKEN button to request a new FTM token for the user. See Getting a new FTM token.

    USERNAME

    The username of the user.

    STATUS

    The status of the user, which can be a combination of any of the following:

    • (active)—The user is enabled.

      • Note: By default, all new users are enabled to use FIC for MFA. The FIC administrator can click this button to quickly deactivate a user when necessary. For more information, see the following bullet.

    • (disabled)—This button enables the administrator to temporarily stop the user from using FIC.

      • Note: If a user is disabled, FIC will deny all log-in requests from the user. It must be noted that disabling a user only prevents the user from using FIC, but does not remove the user from your account. FIC will continue counting it toward your user quota for the user until the user is removed from your account. The admin user can also click this button to enable the user if the user is disabled.

    • (locked)—The user is locked out.

      • Note: FIC locks a user out when the user has exceeded the specified maximum number of log-in attempts allowed. See Managing realm settings.

    • (unlocked)—The user is unlocked.

      • Note: FIC automatically unlocks users based on their lockout settings. The admin user can also manually unlock a locked user by clicking the (locked) button.

    • (Temporary token deactivated)—Temporary token is deactivated.

      (Temporary token activated)— Temporary token is activated.

    • (pending)—A token assigned to the user has not been activated yet.
    • (expired)—The user's token activation code has expired.
    • (bypass)—The user is allowed to bypass MFA.
    • (no bypass)—The user is not allowed to bypass MFA.

      • Note: The admin user can enable MFA bypass on a user from here only if Enable Bypass is enabled on the Settings page. See Managing realm settings. Otherwise, when you click the (no bypass) icon, a tool tip will appear asking you to turn on Enable Bypass on the Settings page.

    MFA

    The MFA method used by the user, which can be one of the following:

    • FTM (soft token)
    • Email
    • SMS
    • FTK (FortiToken, a hardware token)

    NOTIFICATION

    The method by which FIC sends FTM token activation/transfer notifications to the user, which can be either of the following:

    • Email—FIC sends FTM token activation/transfer notifications to the user's email address.
    • SMS—FIC sends FTM token activation/transfer notifications by SMS to the user's mobile phone.

    Note: If the user's notification method is set to SMS, make sure that the mobile phone number in the system is valid, and that you have enough credits in your account to send OTPs by SMS. For more information, see Managing realm settings.
    EMAIL

    The user's email address.

    Note: The admin user is able to edit users' email addresses.

    MOBILE PHONE

    The user's mobile phone number, if available.

    Note: The phone number must be in the format of "+ Country Code Area Code Phone Number", e.g., +1 4082221234. You can edit an end-user's mobile phone numbers.

    REALM

    The realm where the user resides.

    TYPE

    User type: remote or local

    REF COUNT

    The number of applications with referenced to the user.
    LAST LOGIN

    The timestamp of the user's last successful login.

    Tool Button

    The tool button (three dots) on the far right of the row provides the following options:

    • Edit — Edits the user's settings.

    • Manage Passkey — Manages the user's passkeys.

    • Send Invite — Sends an activation email to the newly added user for onboarding.

    • Delete — Deletes the user.
    Previous
    Next

    Managing users

    Managing users

    Column

    Description

    Checkbox

    This checkbox only applies to users who use FTM for MFA. It enables you to select a user, and then click the NEW FTM TOKEN button to request a new FTM token for the user. See Getting a new FTM token.

    USERNAME

    The username of the user.

    STATUS

    The status of the user, which can be a combination of any of the following:

    • (active)—The user is enabled.

      • Note: By default, all new users are enabled to use FIC for MFA. The FIC administrator can click this button to quickly deactivate a user when necessary. For more information, see the following bullet.

    • (disabled)—This button enables the administrator to temporarily stop the user from using FIC.

      • Note: If a user is disabled, FIC will deny all log-in requests from the user. It must be noted that disabling a user only prevents the user from using FIC, but does not remove the user from your account. FIC will continue counting it toward your user quota for the user until the user is removed from your account. The admin user can also click this button to enable the user if the user is disabled.

    • (locked)—The user is locked out.

      • Note: FIC locks a user out when the user has exceeded the specified maximum number of log-in attempts allowed. See Managing realm settings.

    • (unlocked)—The user is unlocked.

      • Note: FIC automatically unlocks users based on their lockout settings. The admin user can also manually unlock a locked user by clicking the (locked) button.

    • (Temporary token deactivated)—Temporary token is deactivated.

      (Temporary token activated)— Temporary token is activated.

    • (pending)—A token assigned to the user has not been activated yet.
    • (expired)—The user's token activation code has expired.
    • (bypass)—The user is allowed to bypass MFA.
    • (no bypass)—The user is not allowed to bypass MFA.

      • Note: The admin user can enable MFA bypass on a user from here only if Enable Bypass is enabled on the Settings page. See Managing realm settings. Otherwise, when you click the (no bypass) icon, a tool tip will appear asking you to turn on Enable Bypass on the Settings page.

    MFA

    The MFA method used by the user, which can be one of the following:

    • FTM (soft token)
    • Email
    • SMS
    • FTK (FortiToken, a hardware token)

    NOTIFICATION

    The method by which FIC sends FTM token activation/transfer notifications to the user, which can be either of the following:

    • Email—FIC sends FTM token activation/transfer notifications to the user's email address.
    • SMS—FIC sends FTM token activation/transfer notifications by SMS to the user's mobile phone.

    Note: If the user's notification method is set to SMS, make sure that the mobile phone number in the system is valid, and that you have enough credits in your account to send OTPs by SMS. For more information, see Managing realm settings.
    EMAIL

    The user's email address.

    Note: The admin user is able to edit users' email addresses.

    MOBILE PHONE

    The user's mobile phone number, if available.

    Note: The phone number must be in the format of "+ Country Code Area Code Phone Number", e.g., +1 4082221234. You can edit an end-user's mobile phone numbers.

    REALM

    The realm where the user resides.

    TYPE

    User type: remote or local

    REF COUNT

    The number of applications with referenced to the user.
    LAST LOGIN

    The timestamp of the user's last successful login.

    Tool Button

    The tool button (three dots) on the far right of the row provides the following options:

    • Edit — Edits the user's settings.

    • Manage Passkey — Manages the user's passkeys.

    • Send Invite — Sends an activation email to the newly added user for onboarding.

    • Delete — Deletes the user.
    Previous
    Next