Admin management

Starting with release 21.3.b, user management for FortiWeb Cloud is integrated into FortiCloud. You can add or delete users and add IAM roles in FortiCloud. Integrating external IDP users is also supported.

There are three admin types:

  • Sub-user

  • IAM

  • External IDP Role

Admin users that you added before 21.3.b are still valid. Their admin type is shown as Admin (Legacy).

Sub-users and IAM users are assigned the "None" role by default. To change it, log in to FortiWeb Cloud, go to Global > Admin Management, click the edit icon for the user, and assign a different role.

To add a sub-user:

  1. Log in to FortiCloud: https://support.fortinet.com/Account/Profile.aspx.
  2. Click My Account, then select Manage User.
  3. Click the Add User icon above the top right corner of the Current Users table.
  4. Enter the required information for this user. The Permissions should be Full Access.
  5. Click Save.
  6. Log in to FortiWeb Cloud with the super root account or another account that has permission to edit Admin Management settings.
  7. Go to Global > Admin Management. The user is automatically synchronized from FortiCloud, and the user type is Sub-user.
  8. The default role for the user is None, meaning the user has neither view nor edit permission. To grant the user more permissions, click the Edit icon and assign a corresponding role.

To add an IAM user:

  1. Go to the FortiCloud IAM portal: https://support.fortinet.com/iam/#/iam-user.
  2. Select the IAM Users tab, then click Add IAM User.
  3. Enter the information on the User Details page. Click Next.
  4. Configure the User Permissions settings.
    1. In the Cloud Management & Service section, click the Add icon.
    2. In the product list, select FortiWeb. Then click Add.
    3. Click the Edit icon before FortiWeb.
    4. Switch on the Allow Portal Access option.
    5. Select Custom for the Access Type.
    6. Click Confirm.
  5. Click Next.
  6. Click Confirm if all the information is correct.
  7. Log in to FortiWeb Cloud with the super root account or another account that has permission to edit Admin Management settings.
  8. Go to Global > Admin Management. The user is automatically synchronized from FortiCloud, and the user type is IAM.
  9. The default role for the user is None, meaning the user has neither view nor edit permission. To grant the user more permissions, click the Edit icon and assign a corresponding role.

To add an external IDP user:

This feature is not available by default. To enable it, submit a request to the FortiCloud team and the FortiWeb Cloud team.

After this feature is enabled, perform the following operations to create an external IDP user. We assume that you have already created this user in the external IDP system and bound it to a role.

  1. Go to the FortiCloud IAM portal: https://support.fortinet.com/iam/#/iam-user.
  2. Select the Manage External IdP Roles tab, then click Add IDP Role.
  3. Configure the External IdP Role settings.
    1. The Role Name should be exactly the same as the role name in the external IDP system.
    2. In the Cloud Management & Service section, click the Add icon.
    3. In the product list, select FortiWeb. Then click Add.
    4. Click the Edit icon before FortiWeb.
    5. Switch on the Allow Portal Access option.
    6. Select Custom for the Access Type.
    7. Click Confirm.
  4. Click Add Role.
  5. Log in to FortiWeb Cloud.
  6. Go to Global > Admin Management.
  7. Click Add User. The Role Type is External IDP Role by default and can't be edited.
  8. Enter a name and assign a role for this user. The Name should be exactly the same as the Role Name you have configured in FortiCloud and the external IDP system.
  9. Click OK.

The external IDP user added in Admin Management is in fact a role. All users with this role in the external IDP system can log in to FortiWeb Cloud with their external IDP accounts.
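An added example, not part of the Fortinet documentation: because the role name has to match exactly in the external IDP system, FortiCloud and FortiWeb Cloud, this Python check compares hand-collected name lists and flags entries that differ only in case, whitespace or Unicode form, or that are missing from one system. The list contents are constructed sample data, assumed to hold only the roles intended for FortiWeb Cloud access; the page describes no export format or API, so the names are typed in by hand.

```python
import unicodedata
from collections import defaultdict

# Constructed sample data (assumption): role names copied by hand from each console.
IDP_ROLES = ["FWB-Cloud-Admins", "fwb-readonly", "SOC Analysts"]
FORTICLOUD_ROLES = ["FWB-Cloud-Admins", "FWB-ReadOnly", "SOC Analysts "]
FORTIWEB_NAMES = ["FWB-Cloud-Admins", "FWB-ReadOnly"]

SOURCES = ("idp", "forticloud", "fortiweb")


def loose_key(name):
    """Fold case, Unicode form and whitespace so near-identical names group together."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())


def reconcile(idp, forticloud, fortiweb):
    """Return {loose_key: finding} for each role that is not an exact match in all three lists."""
    seen = defaultdict(dict)
    for source, names in zip(SOURCES, (idp, forticloud, fortiweb)):
        for name in names:
            seen[loose_key(name)][source] = name  # keep the exact spelling per system

    findings = {}
    for key, by_source in seen.items():
        missing = [s for s in SOURCES if s not in by_source]
        differs = len(set(by_source.values())) > 1
        if missing or differs:
            findings[key] = {
                "missing_in": missing,        # systems where the role is not configured
                "spelling_differs": differs,  # exact-match requirement is violated
                "spellings": dict(by_source),
            }
    return findings


if __name__ == "__main__":
    result = reconcile(IDP_ROLES, FORTICLOUD_ROLES, FORTIWEB_NAMES)
    for key, finding in sorted(result.items()):
        # repr() makes trailing spaces and lookalike characters visible
        print(key, finding["missing_in"], repr(finding["spellings"]))
```

Because every account holding a matching role can log in, an entry reported as configured in FortiCloud or FortiWeb Cloud with no counterpart in the external IDP system is worth reviewing as well as the spelling mismatches.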

To edit or delete the account:

You can edit or delete the account in FortiCloud through https://support.fortinet.com/Account/Profile.aspx. For more information, refer to FortiCloud Online Help.

 

The account you used to subscribe to the service is the super root account, with read-write permission to all resources. To protect this account, it is not listed on the Admin Management page.


 
