Fortinet black logo

User Guide

Home FortiNDR Cloud User Guide

Creating users and assigning roles

Creating users and assigning roles

Go to Account Management > Users to add users and assign roles. You also have the option of creating API Only users. The User Management table displays all the users with access to the portal. A green Admin icon appears next to the email addresses of users with Admin privileges.

The Account Management > Users page displays the following information:

Column Description
Email The user's email address
Full Name The user's full name.
First Name The user's first name.
Last Name The user's last name.
UUID The user's unique ID.
Last Login The date and time the user last logged into the account.
Created The date the user was crated.
Updated The date and time the user's details were updated.
Status The user's current status (Enabled/Disabled).
Locked Out Indicates the user has been locked out of the account.
MFA Indicates Mufti-Factor Authentication is enabled or disabled.
Roles The user role. This column is not displayed by default.
Actions

Use the menu in this column to:

  • Edit the user details
  • Move the user between accounts
  • Email/reset the password.
  • Disable the user.
To create a new user:
  1. Click the gear icon at the top-right of the page and select Account Management. (Click the Users tab if it is not already open.)

  2. Click Create User. The Create New User dialog opens.
  3. Enter the user's details. Required fields are indicated with an asterisk (*).

    EmailEnter the user's email address.
    First nameEnter the user's first name.
    Last nameEnter the user's last name.
    Assign role

    Select one of the following options.

    • User
    • Limited User
    • Admin
    API Only

    API-only users are primarily designed for integration configurations. They cannot have passwords or multi-factor authentication enabled, they do not receive emails, and their keys are managed entirely by those with Admin privileges for the account.

    API-only users do not appear in the user list by default, but can be displayed by adjusting the page filters. See, To filter the user list.

    Note

    API Only is the user role when mandatory SSO is enabled. See Settings (Account Management).

  4. Click Create.
Note

New users are automatically assigned the Training User role on the Training Modern account, even if the administrator has not assigned any roles to the user. If the account is a parent account, and the administrator has access to child accounts, then a checkbox is available to include child accounts.
To view user details:
  • Double-click a user in the list. The user details pane opens.

Note
  • The following icon indicates the user belongs to child accounts.
  • Edit and Reset Password are disabled with mandatory SSO is enabled. See Settings (Account Management).
To filter the user list:
  1. Click the Filter icon.

  2. Select the filter type.

    StatusSelect All, Enabled or Disabled.
    User Type Select All, Portal or API Only.

    Account Access

    Select an account from the dropdown list.

    User Role

    Select a user role from the dropdown list.

To update a user's details:
  1. Click a user in the list. The User Details pane opens.

    OptionPurpose
    EditModify the email or name for the user account.

    Move

    Assign the user to a different account.

    Assign Role

    Assign a role to a user.

    • User
    • Limited User
    • Admin
    Reset PasswordSend an email with a password reset link to the user.
    Disable MFADisable the requirement for an MFA token for the user. If Require MFA is enabled for the account, the user will be required to re-establish an MFA token on next log in.
    UnlockUnlock the user account. User accounts are locked after five failed password attempts in 10 minutes.
    Disable UserDisable log in access to the user account and any of its API tokens.
    Tooltip

    Optionally, you can use the menu in the Actions column to quickly Edit User, Move User, Email Password Reset or Disable User.

    The Edit Userand Email Password Reset are disabled when mandatory SSO is enabled. See Settings (Account Management).

  2. Click close (X) to close the pane.
To perform bulk actions:
  1. Select the users in the lists or select all. The tools icon is activated.

  2. Click the tool icon and select Move Users, Enable Users, Disable Users, Assign Role or Revoke Role.
To export the user list as a CSV file:
  • In the toolbar, click the CSV button. The list is saved to your device.

Note

In the user_role column, if the user has:

  • No account name in front of the role, this indicates the user belongs to the current account (Admin, User, Limited User).
  • The same role in two or more accounts, the account name is displayed followed by a colon (:) followed by the user role.
Previous
Next

On This Page

Creating users
API only users
Managing users
Move a user to a different account

Creating users and assigning roles

Go to Account Management > Users to add users and assign roles. You also have the option of creating API Only users. The User Management table displays all the users with access to the portal. A green Admin icon appears next to the email addresses of users with Admin privileges.

The Account Management > Users page displays the following information:

Column Description
Email The user's email address
Full Name The user's full name.
First Name The user's first name.
Last Name The user's last name.
UUID The user's unique ID.
Last Login The date and time the user last logged into the account.
Created The date the user was crated.
Updated The date and time the user's details were updated.
Status The user's current status (Enabled/Disabled).
Locked Out Indicates the user has been locked out of the account.
MFA Indicates Mufti-Factor Authentication is enabled or disabled.
Roles The user role. This column is not displayed by default.
Actions

Use the menu in this column to:

  • Edit the user details
  • Move the user between accounts
  • Email/reset the password.
  • Disable the user.
To create a new user:
  1. Click the gear icon at the top-right of the page and select Account Management. (Click the Users tab if it is not already open.)

  2. Click Create User. The Create New User dialog opens.
  3. Enter the user's details. Required fields are indicated with an asterisk (*).

    EmailEnter the user's email address.
    First nameEnter the user's first name.
    Last nameEnter the user's last name.
    Assign role

    Select one of the following options.

    • User
    • Limited User
    • Admin
    API Only

    API-only users are primarily designed for integration configurations. They cannot have passwords or multi-factor authentication enabled, they do not receive emails, and their keys are managed entirely by those with Admin privileges for the account.

    API-only users do not appear in the user list by default, but can be displayed by adjusting the page filters. See, To filter the user list.

    Note

    API Only is the user role when mandatory SSO is enabled. See Settings (Account Management).

  4. Click Create.
Note

New users are automatically assigned the Training User role on the Training Modern account, even if the administrator has not assigned any roles to the user. If the account is a parent account, and the administrator has access to child accounts, then a checkbox is available to include child accounts.
To view user details:
  • Double-click a user in the list. The user details pane opens.

Note
  • The following icon indicates the user belongs to child accounts.
  • Edit and Reset Password are disabled with mandatory SSO is enabled. See Settings (Account Management).
To filter the user list:
  1. Click the Filter icon.

  2. Select the filter type.

    StatusSelect All, Enabled or Disabled.
    User Type Select All, Portal or API Only.

    Account Access

    Select an account from the dropdown list.

    User Role

    Select a user role from the dropdown list.

To update a user's details:
  1. Click a user in the list. The User Details pane opens.

    OptionPurpose
    EditModify the email or name for the user account.

    Move

    Assign the user to a different account.

    Assign Role

    Assign a role to a user.

    • User
    • Limited User
    • Admin
    Reset PasswordSend an email with a password reset link to the user.
    Disable MFADisable the requirement for an MFA token for the user. If Require MFA is enabled for the account, the user will be required to re-establish an MFA token on next log in.
    UnlockUnlock the user account. User accounts are locked after five failed password attempts in 10 minutes.
    Disable UserDisable log in access to the user account and any of its API tokens.
    Tooltip

    Optionally, you can use the menu in the Actions column to quickly Edit User, Move User, Email Password Reset or Disable User.

    The Edit Userand Email Password Reset are disabled when mandatory SSO is enabled. See Settings (Account Management).

  2. Click close (X) to close the pane.
To perform bulk actions:
  1. Select the users in the lists or select all. The tools icon is activated.

  2. Click the tool icon and select Move Users, Enable Users, Disable Users, Assign Role or Revoke Role.
To export the user list as a CSV file:
  • In the toolbar, click the CSV button. The list is saved to your device.

Note

In the user_role column, if the user has:

  • No account name in front of the role, this indicates the user belongs to the current account (Admin, User, Limited User).
  • The same role in two or more accounts, the account name is displayed followed by a colon (:) followed by the user role.
Previous
Next