Fortinet white logo
Fortinet white logo

FortiVoice Phone System Administration Guide

Configuring administrator accounts and access profiles

Configuring administrator accounts and access profiles

The Administrator submenu configures administrator accounts and access profiles.

This topic includes:

Configuring administrator accounts

System > Administrator > Administrator displays a list of the FortiVoice unit’s administrator accounts and the trusted host IP addresses administrators use to log in (if configured).

By default, FortiVoice units have a single administrator account, admin. For more granular control over administrative access, you can create additional administrator accounts with restricted permissions.

To view and configure administrator accounts

  1. Go to System > Administrator > Administrator.

    GUI field

    Description

    Enabled

    Displays the administrator status.

    Name

    Displays the name of the administrator account.

    Admin Profile

    The administrator profile that determines which functional areas the administrator account may view or affect.

    Authentication Type

    The administrator authentication type: Local,LDAP or Single Sign On.

    Authentication Profile

    The LDAP authentication profile. For more information, see Configuring LDAP settings.

    Trusted Hosts

    Displays the IP address and netmask from which the administrator can log in.

  2. Either click New to add an account or double-click an account to modify it.

    A dialog appears.

  3. Configure the following:

    GUI field

    Description

    Enabled

    Click to activate the administrator status. By default, this is enabled.

    Administrator

    Enter the name for this administrator account.

    The name can contain numbers (0‑9), uppercase and lowercase letters (A‑Z, a‑z), hyphens ( - ), and underscores ( _ ). Other special characters and spaces are not allowed.

    Email address

    Enter the administrator’s email address.

    Associate extension

    If the Authentication type is Single Sign On, select an extension.

    Single sign on (SSO) allows you to connect to the FortiVoice GUI and access the user portal without having to do a second sign in. For more details about using SSO, see Connecting to the FortiVoice GUI.

    Click Edit to modify the selected extension or click New to configure a new one.

    For more information about extensions, see Configuring IP extensions.

    For more information about the SSO configuration , see Configuring single sign on.

    Admin profile

    Select the name of an admin profile that determines which functional areas the administrator account may view or affect.

    Click New to create a new profile or Edit to modify the selected profile. For details, see Configuring administrator profiles.

    Access mode

    Specify the access privilege: CLI, GUI, or REST API.

    REST API is needed for the security fabric configuration. See Configuring FortiVoice to join the Security Fabric.

    Authentication type

    Select an administrator authentication type: Local, RADIUS, LDAP or Single Sign On.

    For information about single sign on, see Configuring single sign on.

    New password

    Enter this account’s password.

    The password can contain any character except spaces.

    This field does not appear if Authentication type is LDAP.

    Caution

    Do not enter a FortiVoice administrator password less than six characters long. For better security, enter a longer password with a complex combination of characters and numbers, and change the password regularly. Failure to provide a strong password could compromise the security of your FortiVoice unit.

    Confirm password

    Enter this account’s password again to confirm it.

    This field does not appear if Authentication type is LDAP.

    LDAP profile

    If you select LDAP for Authentication type, select an LDAP authentication profile. For more information, see Configuring LDAP settings.

    Trusted hosts type

    Select a trusted host type:

    • User defined: Add details about the hosts in Trusted Hosts.
    • RFC 1918 predefined: FortiVoice allows connections from any private IP addresses specified by the request for comment 1918 (RFC 1918).

    Trusted hosts

    Enter an IPv4 or IPv6 address or subnet from which this administrator can log in.

    If you want the administrator to access the FortiVoice unit from any IP address, use 0.0.0.0/0.0.0.0.

    Enter the IP address and netmask in dotted decimal format. For example, you might permit the administrator to log in to the FortiVoice unit from your private network by typing 192.168.1.0/255.255.255.0.

    Note

    For additional security, restrict all trusted host entries to administrative hosts on your trusted private network. For example, if your FortiVoice administrators log in only from the 10.10.10.10/24 subnet, to prevent possibly fraudulent login attempts from unauthorized locations, you could configure that subnet in the Trusted Host #1, Trusted Host #2, and Trusted Host #3 fields.

    Note

    For information on restricting administrative access protocols that can be used by these hosts, see Editing network interfaces.

    Click the + sign to add additional IP addresses or subnets from which the administrator can log in.

    Select language

    Select this administrator account’s preference for the display language of the GUI.

    Select theme

    Select this administrator account’s preference for the display theme or click Use Current to choose the theme currently in effect.

    The administrator may switch the theme at any time during a session by clicking Next Theme.

    Department only

    Select the checkbox if this is a department administrator.

    Description

    Select Edit to enter any comments for the administrator account.

    Departments

    Click the + sign to add the department to which the administrator belongs.

    This option is only available if you select Department only.

  4. Click Create.

Configuring administrator profiles

System > Administrator > Admin Profile displays a list of administrator access profiles.

Administrator profiles govern which areas of the GUI and CLI that an administrator can access, and whether or not they have the permissions necessary to change the configuration or otherwise modify items in each area.

To configure administrator access profiles

  1. Go to System > Administrator > Admin Profile.
  2. Either click New to add an account or double-click an access profile to modify it.
  3. In Profile name, enter the name for this access profile.
  4. For each access control option, select the permissions to be granted to administrator accounts associated with this access profile:
    • None
    • Read Only
    • Read-Write
  5. Click Create.

Configuring administrator accounts and access profiles

Configuring administrator accounts and access profiles

The Administrator submenu configures administrator accounts and access profiles.

This topic includes:

Configuring administrator accounts

System > Administrator > Administrator displays a list of the FortiVoice unit’s administrator accounts and the trusted host IP addresses administrators use to log in (if configured).

By default, FortiVoice units have a single administrator account, admin. For more granular control over administrative access, you can create additional administrator accounts with restricted permissions.

To view and configure administrator accounts

  1. Go to System > Administrator > Administrator.

    GUI field

    Description

    Enabled

    Displays the administrator status.

    Name

    Displays the name of the administrator account.

    Admin Profile

    The administrator profile that determines which functional areas the administrator account may view or affect.

    Authentication Type

    The administrator authentication type: Local,LDAP or Single Sign On.

    Authentication Profile

    The LDAP authentication profile. For more information, see Configuring LDAP settings.

    Trusted Hosts

    Displays the IP address and netmask from which the administrator can log in.

  2. Either click New to add an account or double-click an account to modify it.

    A dialog appears.

  3. Configure the following:

    GUI field

    Description

    Enabled

    Click to activate the administrator status. By default, this is enabled.

    Administrator

    Enter the name for this administrator account.

    The name can contain numbers (0‑9), uppercase and lowercase letters (A‑Z, a‑z), hyphens ( - ), and underscores ( _ ). Other special characters and spaces are not allowed.

    Email address

    Enter the administrator’s email address.

    Associate extension

    If the Authentication type is Single Sign On, select an extension.

    Single sign on (SSO) allows you to connect to the FortiVoice GUI and access the user portal without having to do a second sign in. For more details about using SSO, see Connecting to the FortiVoice GUI.

    Click Edit to modify the selected extension or click New to configure a new one.

    For more information about extensions, see Configuring IP extensions.

    For more information about the SSO configuration , see Configuring single sign on.

    Admin profile

    Select the name of an admin profile that determines which functional areas the administrator account may view or affect.

    Click New to create a new profile or Edit to modify the selected profile. For details, see Configuring administrator profiles.

    Access mode

    Specify the access privilege: CLI, GUI, or REST API.

    REST API is needed for the security fabric configuration. See Configuring FortiVoice to join the Security Fabric.

    Authentication type

    Select an administrator authentication type: Local, RADIUS, LDAP or Single Sign On.

    For information about single sign on, see Configuring single sign on.

    New password

    Enter this account’s password.

    The password can contain any character except spaces.

    This field does not appear if Authentication type is LDAP.

    Caution

    Do not enter a FortiVoice administrator password less than six characters long. For better security, enter a longer password with a complex combination of characters and numbers, and change the password regularly. Failure to provide a strong password could compromise the security of your FortiVoice unit.

    Confirm password

    Enter this account’s password again to confirm it.

    This field does not appear if Authentication type is LDAP.

    LDAP profile

    If you select LDAP for Authentication type, select an LDAP authentication profile. For more information, see Configuring LDAP settings.

    Trusted hosts type

    Select a trusted host type:

    • User defined: Add details about the hosts in Trusted Hosts.
    • RFC 1918 predefined: FortiVoice allows connections from any private IP addresses specified by the request for comment 1918 (RFC 1918).

    Trusted hosts

    Enter an IPv4 or IPv6 address or subnet from which this administrator can log in.

    If you want the administrator to access the FortiVoice unit from any IP address, use 0.0.0.0/0.0.0.0.

    Enter the IP address and netmask in dotted decimal format. For example, you might permit the administrator to log in to the FortiVoice unit from your private network by typing 192.168.1.0/255.255.255.0.

    Note

    For additional security, restrict all trusted host entries to administrative hosts on your trusted private network. For example, if your FortiVoice administrators log in only from the 10.10.10.10/24 subnet, to prevent possibly fraudulent login attempts from unauthorized locations, you could configure that subnet in the Trusted Host #1, Trusted Host #2, and Trusted Host #3 fields.

    Note

    For information on restricting administrative access protocols that can be used by these hosts, see Editing network interfaces.

    Click the + sign to add additional IP addresses or subnets from which the administrator can log in.

    Select language

    Select this administrator account’s preference for the display language of the GUI.

    Select theme

    Select this administrator account’s preference for the display theme or click Use Current to choose the theme currently in effect.

    The administrator may switch the theme at any time during a session by clicking Next Theme.

    Department only

    Select the checkbox if this is a department administrator.

    Description

    Select Edit to enter any comments for the administrator account.

    Departments

    Click the + sign to add the department to which the administrator belongs.

    This option is only available if you select Department only.

  4. Click Create.

Configuring administrator profiles

System > Administrator > Admin Profile displays a list of administrator access profiles.

Administrator profiles govern which areas of the GUI and CLI that an administrator can access, and whether or not they have the permissions necessary to change the configuration or otherwise modify items in each area.

To configure administrator access profiles

  1. Go to System > Administrator > Admin Profile.
  2. Either click New to add an account or double-click an access profile to modify it.
  3. In Profile name, enter the name for this access profile.
  4. For each access control option, select the permissions to be granted to administrator accounts associated with this access profile:
    • None
    • Read Only
    • Read-Write
  5. Click Create.