FortiAuthenticator 4.0 Authentication

User groups

Users can be assigned to groups during user account configuration (see Editing a user on page 60), or by editing a group to add users to it.

To view the user groups list, go to Authentication > User Management > User Groups.

To create a new user group:

  1. Go to Authentication > User Management > User Groups and select Create New. The Create New User Group window opens.

  2. Enter the following information:

     Name: Enter a name for the group.

     Type: Select the type of group: Local, Remote LDAP, or Remote RADIUS.

     Users: Select users from the Available users box and move them to the Selected users box to add them to the group. This option is only available if Type is Local.

     User retrieval: Determine group membership by selecting either Specify an LDAP filter or Set a list of imported remote users. This option is only available if Type is Remote LDAP.

     Remote LDAP: Select a remote LDAP server from the drop-down list. At least one remote LDAP server must already be configured, see Remote authentication servers on page 88. This option is only available if Type is Remote LDAP.

     Remote RADIUS: Select a remote RADIUS server from the drop-down list. At least one remote RADIUS server must already be configured, see Remote authentication servers on page 88. This option is only available if Type is Remote RADIUS.

     LDAP filter: Enter an LDAP filter. Optionally, select Test filter to ensure that the filter works as expected. This option is only available if Type is Remote LDAP and User retrieval is set to Specify an LDAP filter.

     LDAP users: Select remote LDAP users from the Available LDAP users box and move them to the Selected LDAP users box to add them to the remote group. This option is only available if Type is Remote LDAP and User retrieval is set to Set a list of imported remote users.

     RADIUS users: Select remote RADIUS users from the Available RADIUS users box and move them to the Selected RADIUS users box to add them to the remote group. This option is only available if Type is Remote RADIUS.

  3. Select OK to create the new group.

To edit a user group:

  1. In the user group list, select the group that you need to edit.
  2. Edit the settings as required. The settings are the same as when creating a new group.
  3. Select OK to apply your changes.

Organizations

Organizations include a name and logo. An organization can be associated with local and remote users.

When a user provisions FortiToken Mobile on their device, the organization name and logo are automatically pushed to the device, allowing the FortiToken Mobile App’s user interface to be rebranded.

Organizations can be created, edited, and deleted as needed. Organizations are applied to users from the various user management pages. See Local users on page 58, Remote users on page 65, and Remote user sync rules on page 68.

To manage organizations, go to Authentication > User Management > Organizations.

To create a new organization:

  1. From the organization list, select Create New to open the Create New Organization
  2. Enter a name for the organization in the Name
  3. Optionally, select .. to locate the logo image for the organization on your computer.
  4. Select OK to create the new organization.

FortiTokens

Go to Authentication > User Management > FortiTokens to view a list of configured FortiTokens. From here, FortiTokens can be added, imported, exported, edited, deleted, and activated. For more information, see FortiToken devices and mobile apps on page 72.

The following information is shown:

Create New: Create a new FortiToken, see To add FortiTokens manually: on page 73.
Import: Import a list of FortiTokens, see To import FortiTokens from a CSV file: on page 74 and To import FortiTokens from a FortiGate unit: on page 74.
Export: Export the FortiToken list, see To export FortiTokens: on page 74.
Delete: Delete the selected FortiToken or FortiTokens.
Edit: Edit the selected FortiToken or FortiTokens.
Activate: Activate the selected FortiToken or FortiTokens.
Search: Enter a search term in the search field, then select Search to search the FortiToken list.
Serial number: The FortiToken’s serial number.
Token type: The FortiToken type, either FortiToken 200 or FortiToken Mobile.
Status: Whether or not the FortiToken is activated.

Comment: Comments about the token.
User: The user to whom the FortiToken applies.
Size: The size of the token.
Drift: The time difference between the FortiAuthenticator and the FortiToken. For information on removing the drift, see FortiToken drift adjustment on page 75.
Timestep: The FortiToken timestep.
FTM License: The FTM license applied to the FortiToken.
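
How the Drift and Timestep values relate, as an added example that is not FortiAuthenticator code: it assumes a standard RFC 6238 TOTP token (HMAC-SHA-1) and measures drift as the number of timesteps between the validator's clock and the step in which a submitted code was generated. The key is the RFC's published test key, and totp and measure_drift are hypothetical names.

```python
import hashlib
import hmac
import struct

# Constructed sample input: the RFC 6238 SHA-1 test key, not a real token seed.
SECRET = b"12345678901234567890"


def totp(secret, unix_time, timestep=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA-1) for the timestep that contains unix_time."""
    counter = struct.pack(">Q", unix_time // timestep)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def measure_drift(secret, code, server_time, timestep=30, window=2, digits=6):
    """Return the token's drift in timesteps (negative: token clock is behind
    the validator), or None if the code matches no step within +/- window.

    Every extra step in the window is one more code the validator accepts,
    so the window is kept as small as the deployment's clocks allow.
    """
    # Try the offsets nearest zero first: 0, -1, +1, -2, +2, ...
    offsets = sorted(range(-window, window + 1), key=lambda o: (abs(o), o))
    for step_offset in offsets:
        t = server_time + step_offset * timestep
        if t < 0:
            continue  # no timestep exists before the Unix epoch
        candidate = totp(secret, t, timestep, digits)
        if hmac.compare_digest(candidate, code):  # constant-time comparison
            return step_offset
    return None


if __name__ == "__main__":
    token_clock = 1111111109   # token is 2 s behind, in the previous 30 s step
    server_clock = 1111111111
    code = totp(SECRET, token_clock)
    print("code from token:", code)
    print("drift in timesteps:", measure_drift(SECRET, code, server_clock))
    print("with no window:", measure_drift(SECRET, code, server_clock, window=0))
```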

MAC devices

Non-802.1X compliant devices can be identified and accepted onto the network using MAC address authentication. See Non-compliant devices on page 104 for more information.


2 thoughts on “FortiAuthenticator 4.0 Authentication”

  1. dav

    I am trying to get users to be able to do a password change when they VPN into the network after their password expires.
    One issue I am running into is on the Authenticator under monitor the status of the Connection only says “Joined AD” and “not connected”. Do you know why?
