Configuring administrator accounts and access profiles
The Administrator submenu configures administrator accounts and access profiles.
This topic includes:
Configuring administrator accounts
System > Administrator > Administrator displays a list of the administrator accounts for the FortiVoice system and the trusted host IP addresses administrators use to log in (if configured).
By default, FortiVoice systems have a single administrator account, admin
. For more granular control over administrative access, you can create additional administrator accounts with restricted permissions.
To view and configure administrator accounts
- Go to System > Administrator > Administrator.
GUI field
Description
Enabled
Displays the administrator status.
Name
Displays the name of the administrator account.
Admin Profile
The administrator profile that determines which functional areas the administrator account may view or affect.
Authentication Type
The administrator authentication type: Local,LDAP or Single Sign On.
Authentication Profile
The LDAP authentication profile. For more information, see Configuring LDAP settings.
Trusted Hosts
Displays the IP address and netmask from which the administrator can log in.
- Either click New to add an account or double-click an account to modify it.
A dialog appears.
- Configure the following:
GUI field
Description
Enabled
Click to activate the administrator status. By default, this is enabled.
Administrator
Enter the name for this administrator account.
The name can contain numbers (0‑9), uppercase and lowercase letters (A‑Z, a‑z), hyphens ( - ), and underscores ( _ ). Other special characters and spaces are not allowed.
Email address
Enter the administrator’s email address.
Associate extension
If the Authentication type is Single Sign On, select an extension.
Single sign on (SSO) allows you to connect to the FortiVoice GUI and access the user portal without having to do a second sign in. For more details about using SSO, see Connecting to the FortiVoice GUI.
Click Edit to modify the selected extension or click New to configure a new one.
For more information about extensions, see Configuring IP extensions.
For more information about the SSO configuration , see Configuring single sign on.
Admin profile
Select the name of an admin profile that determines which functional areas the administrator account may view or affect.
For the default admin account, Fortinet recommends that you keep the super_admin_prof admin profile. If you do not want the administrator account to have the super_admin_prof admin profile, create another admin account and select the admin profile that you want.
Click New to create a new profile or Edit to modify the selected profile. For details, see Configuring administrator profiles.
Access mode
Specify the access privilege: CLI, GUI, or REST API.
REST API is needed for the security fabric configuration. See Configuring FortiVoice to join the Security Fabric.
Authentication type
Select an administrator authentication type: Local, RADIUS, LDAP or Single Sign On.
For information about single sign on, see Configuring single sign on.
New password
This setting is available when the Authentication type is Local.
Enter a secure password for this account.
The password can contain any character except spaces.
Enter a FortiVoice administrator password that is at least six characters in length. For better security, enter a longer password with a complex combination of characters and numbers, and change the password regularly. Failure to provide a strong password could compromise the security of your FortiVoice system.
Confirm password
Enter the password again to confirm it.
This setting is available when the Authentication type is Local.
LDAP profile
If you select LDAP for Authentication type, select an LDAP authentication profile. For more information, see Configuring LDAP settings.
Trusted hosts type
Select a trusted host type:
- User defined: Add details about the hosts in Trusted Hosts.
- RFC 1918 predefined: FortiVoice allows connections from any private IP addresses specified by the request for comment 1918 (RFC 1918).
Trusted hosts
Enter an IPv4 or IPv6 address or subnet from which this administrator can log in.
If you want the administrator to access the FortiVoice system from any IP address, use
0.0.0.0/0.0.0.0
.Enter the IP address and netmask in dotted decimal format. For example, you might permit the administrator to log in to the FortiVoice system from your private network by typing
192.168.1.0/255.255.255.0
.For additional security, restrict all trusted host entries to administrative hosts on your trusted private network. For example, if your FortiVoice administrators log in only from the 10.10.10.10/24 subnet, to prevent possibly fraudulent login attempts from unauthorized locations, you could configure that subnet in the Trusted Host #1, Trusted Host #2, and Trusted Host #3 fields.
For information about restricting administrative access protocols that can be used by these hosts, see Editing network interfaces.
Click the + sign to add additional IP addresses or subnets from which the administrator can log in.
Select language
Select this administrator account’s preference for the display language of the GUI.
Select theme
Select this administrator account’s preference for the display theme or click Use Current to choose the theme currently in effect.
The administrator may switch the theme at any time during a session by clicking Next Theme.
Department only
Select the checkbox if this is a department administrator.
Description
Select Edit to enter any comments for the administrator account.
Departments
Click the + sign to add the department to which the administrator belongs.
This option is only available if you select Department only.
- Click Create.
Configuring administrator profiles
System > Administrator > Admin Profile displays a list of administrator access profiles.
Administrator profiles govern which areas of the GUI and CLI that an administrator can access, and whether or not they have the permissions necessary to change the configuration or otherwise modify items in each area.
To configure administrator access profiles
- Go to System > Administrator > Admin Profile.
- Either click New to add an account or double-click an access profile to modify it.
- In Profile name, enter the name for this access profile.
- For each access control option, select the permissions to be granted to administrator accounts associated with this access profile:
- None
- Read Only
- Read-Write
- Click Create.