Managing Users

Configuring users in server mode

You can create users one at a time or import a list of users. Before importing a user list or adding an email user, you must first configure one or more protected domains to which the email users will belong. For more information, see “Configuring protected domains” on page 380.

To configure an email user account

  1. Go to User > User > User.
  2. From Domain, select the name of the protected domain to which you want to add an email user. You can also set the domain on the user dialog.
  3. Either click New to add an email user or double-click an email user to modify it.

A dialog appears.

  1. In User name, enter the name of the account in the selected domain whose email will be locally deliverable on the FortiMail unit.

For example, an email user may have numerous aliases, mail routing, and other email addresses on other systems in your network, such as accounting@example.com. However, the user name you enter in the New User dialog reflects the email user’s account that they will use to log in to this FortiMail unit at the selected domain; such as, jsmith if the email address is jsmith@example.com.

  1. You can change the user’s domain if it necessary. In the drop-down menu to the right of the @ symbol, select the name of the protected domain to which the email user belongs.
  2. For Authentication type, select one of the following:
    • select Local and then enter the password for this email account
    • select LDAP and select the name of an existing LDAP profile in the dropdown list • select RADIUS and select the name of an existing RADIUS profile in the dropdown list.

If no profile exists, click New to create one.

If a profile exists but needs modification, select it and click Edit.

  1. In Display Name, enter the name of the user as it should appear in the From: field in the message header.

For example, an email user whose email address is user1@example.com may prefer that their Display Name be “J Zang”.

  1. Click OK.

For a new user, the FortiMail unit creates the account. Authentication is not yet enabled and a policy may not exist that allows the account to send and receive email.

Complete the next two steps as applicable.

  1. To enable the user account, create a recipient-based policy that both matches its email address and uses a resource profile in which User account status is enabled. For details, see “Workflow to enable and configure authentication of email users” on page 541 and “Configuring resource profiles (server mode only)” on page 539.

10.To allow the user account to send and receive email, configure an access control rule and either an IP-based policy or an incoming recipient-based policy. For details, see “Configuring policies” on page 453.

Importing a list of users

The import feature provides a simple way to add a list of new local users in one operation. You can create a CSV file in any spreadsheet and import the data as long as the columns match the FortiMail format.

To create and import user records

  1. Go to User > User > User.
  2. Create at least one local (non-LDAP) user.
  3. Select that user and click Export .CSV.
  4. Save the file on your local computer.
  5. Open the CSV file in a spreadsheet editor, such as Microsoft Excel.
  6. Enter user records in the pre-existing columns so the new users exactly match the exported format. (Delete the original exported user record.)

Figure 171:Sample CSV format

  1. Use the Save As feature to save the file in plain CSV format.
  2. On the User tab, click Import.
    • dialog appears.
  3. Click Browse to locate the CSV file to import and click Open.

10.Click OK.

  • field appears showing the percentage of import completion.

A dialog appears showing the number of imported records.

The import feature does not overwrite existing records.

To change the password of multiple email user accounts

This procedure sets the same password for one or more email user accounts, which can result in reduced security of the email users’ accounts. To reduce risk, set a strong password and notify each email user whose password has been reset to configure a unique, strong password as soon as possible.

  1. Go to User > User > User.
  2. From Show Users Of Domain, select the name of the protected domain in which you want to change email user account passwords.
  3. To change the passwords of all email user accounts for the protected domain, mark the check box located in the check box column heading.

To change the passwords of individual email user accounts, in the check box column, mark the check boxes of each email user account whose password you want to change.

  1. Click Password.
  2. Select either:
    • Password, then enter the password for this email account, or
    • LDAP, then select the name of an LDAP profile in which you have enabled and configured the User Auth Options query, which enables the FortiMail unit to query the LDAP server to authenticate the email user.

Managing the disk usage of email users mailboxes

If your email users often send or receive large attachments, email users’ mailboxes may rapidly consume the hard disk space of the FortiMail unit. You can manage the disk usage of email users’ mailboxes by monitoring the size of the folders, and optionally deleting their contents.

For example, if each email user has a mailbox folder named “Spam” that receives tagged spam, you might want to periodically empty the contents of these folders to reclaim hard disk space.

Alternatively, you can assign email users’ disk space quota in their resource profile. For details, see “Configuring resource profiles (server mode only)” on page 539.

To empty a mailbox folder

  1. Go to User > User > User.
  2. Select the check box for the user.
  3. Click Maintenance.
    • list of mailbox folder names with their hard disk usages appears.
  4. Select the mailbox folder that you want to empty, such as Trash, then click
    • confirmation dialog appears.
  5. Click OK.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

One thought on “Managing Users

  1. Raj

    I am using FortiGate 5.6.3 and I don’t see any buttons to allow me to export users into a csv file.
    Any help would be appreciated.
    Thanks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.