Fortinet black logo

User Guide

Home FortiWeb Cloud User Guide

Admin management

Copy Link
Copy Doc ID 2ffc9903-bcb4-11e9-8977-00505692583a:934611
Download PDF

Admin management

From release 21.3.b, user management for FortiWeb Cloud is integrated into FortiCloud. You can add or delete users, add IAM roles in FortiCloud.

There are two admin types:

  • IAM (recommended)

    • IAM users do not need to be configured in FortiWeb Cloud. The configuration of permissions can be done solely in FortiCloud.

  • Sub-user

    • Although this admin type is supported, we advise against creating new sub-users as we will no longer be providing updates or new features related to sub-user management.

For more differences between sub-user and IAM user, refer to the FortiCloud Feature comparison chart.

The old admin users you have added before 21.3.b are still valid. It's admin type is shown as Admin (Legacy).

To add an IAM user:

Please see Adding IAM users for instructions on how to to add an IAM user in FortiCloud.

FortiWeb Cloud no longer supports configuring roles for IAM users.

To add a sub-user:

  1. Log in to FortiCloud: https://support.fortinet.com/Account/Profile.aspx.
  2. Click My Account, then select Manage User.
  3. Click the Add User icon above the top right corner of the Current Users table.
  4. Enter the required information for this user.
  5. Click Save.
  6. Log in to FortiWeb Cloud with super root account or other accounts which have the permission to edit Admin Management settings.
  7. Go to Global > Administrators > Admin Management, you will see the user is automatically synchronized from FortiCloud. The user type is Sub-user.
  8. The default role for the user is None, meaning the user has neither view nor edit permission. If you want to grant the user more permissions, click the Edit icon to assign a corresponding role.
  9. On the Edit User page, from the Role drop-down list, select the role you want to assign to this user. The role defines whether the user has None, Read-only, or Read-Write permission to different parts of your account. To check the permissions of each role, go to Global > Administrators > Role Management.
  10. By assigning the user a certain role, it will by default have permission to access applications as defined in the role. However, if you want this user to have different permissions when accessing different applications, you can enable Custom Application Permissions.
    The Custom Application Permissions settings will overwrite the Application permission you have set for this role in Role Management.
    If new application is onboarded in your account, the administrators will by default have Default permission to access it.
    Please note the Read-Write permission of Application includes not only the privilege to edit configurations, but also the permission to onboard new applications.
    Leaving Custom Application Permissions disabled means this account will have the Application permission defined in the corresponding role in Global > Administrators > Role Management.

To edit or delete the account:

You can edit or delete the account in FortiCloud through https://support.fortinet.com/Account/Profile.aspx. For more information, refer to FortiCloud Online Help.

The account you used to subscribe the service is super root account with read-write permission to all resources. To protect this account, it is not listed in the Admin Management page.
Previous
Next

Admin management

From release 21.3.b, user management for FortiWeb Cloud is integrated into FortiCloud. You can add or delete users, add IAM roles in FortiCloud.

There are two admin types:

  • IAM (recommended)

    • IAM users do not need to be configured in FortiWeb Cloud. The configuration of permissions can be done solely in FortiCloud.

  • Sub-user

    • Although this admin type is supported, we advise against creating new sub-users as we will no longer be providing updates or new features related to sub-user management.

For more differences between sub-user and IAM user, refer to the FortiCloud Feature comparison chart.

The old admin users you have added before 21.3.b are still valid. It's admin type is shown as Admin (Legacy).

To add an IAM user:

Please see Adding IAM users for instructions on how to to add an IAM user in FortiCloud.

FortiWeb Cloud no longer supports configuring roles for IAM users.

To add a sub-user:

  1. Log in to FortiCloud: https://support.fortinet.com/Account/Profile.aspx.
  2. Click My Account, then select Manage User.
  3. Click the Add User icon above the top right corner of the Current Users table.
  4. Enter the required information for this user.
  5. Click Save.
  6. Log in to FortiWeb Cloud with super root account or other accounts which have the permission to edit Admin Management settings.
  7. Go to Global > Administrators > Admin Management, you will see the user is automatically synchronized from FortiCloud. The user type is Sub-user.
  8. The default role for the user is None, meaning the user has neither view nor edit permission. If you want to grant the user more permissions, click the Edit icon to assign a corresponding role.
  9. On the Edit User page, from the Role drop-down list, select the role you want to assign to this user. The role defines whether the user has None, Read-only, or Read-Write permission to different parts of your account. To check the permissions of each role, go to Global > Administrators > Role Management.
  10. By assigning the user a certain role, it will by default have permission to access applications as defined in the role. However, if you want this user to have different permissions when accessing different applications, you can enable Custom Application Permissions.
    The Custom Application Permissions settings will overwrite the Application permission you have set for this role in Role Management.
    If new application is onboarded in your account, the administrators will by default have Default permission to access it.
    Please note the Read-Write permission of Application includes not only the privilege to edit configurations, but also the permission to onboard new applications.
    Leaving Custom Application Permissions disabled means this account will have the Application permission defined in the corresponding role in Global > Administrators > Role Management.

To edit or delete the account:

You can edit or delete the account in FortiCloud through https://support.fortinet.com/Account/Profile.aspx. For more information, refer to FortiCloud Online Help.

The account you used to subscribe the service is super root account with read-write permission to all resources. To protect this account, it is not listed in the Admin Management page.
Previous
Next