Managing Users

Configuring user groups

The User Group tab lets you group related email user accounts.

Email user groups can simplify the creation of policies. For example, when creating policies, you can select the name of an email user group rather than entering each email user name individually.

To access this part of the web UI, your administrator account’s:

  • Domain must be System
  • access profile must have Read or Read-Write permission to the Policy category For details, see “About administrator account permissions and domains” on page 290.
  1. Go to User > User > User Group.

Figure 177:User Group tab

GUI item Description
Domain Select the name of a protected domain to display user groups that belong to it.

You can see only the domains that are permitted by your administrator profile.

Name Displays the name of the user group.
Members Displays the email users that are members of this user group.
  1. Either click New to add a group or double-click a group to modify it.

A dialog appears.

Figure 178: Configuring a user group

  1. For a new group, enter its name. Spaces are not valid.
  2. For a new group, select the domain from which to select users from the Users of domain

Groups are domain-specific.

  1. Add or edit the members of the email user group:
  • In the Available users area, select the names of one or more email users that you want to add to the email user group, then click the right arrow to move them to the Members
  • In the Members area, select the names of one or more email users that you want to remove from the email user group, then click the left arrow to return them to the Available users
  1. Click Create or OK.

Configuring aliases

The User Alias tab lets you configure email address aliases for protected domains.

Aliases sometimes act as distribution lists; that is, they translate one email address into the email addresses of several recipients, called members. An alias can also be a literal alias; that is, it is an alternative email address that resolves to the real email address of a single email user.

For example, groupa@example.com might be an alias that the FortiMail unit will expand to user1@example.com and user2@example.com, having the effect of distributing an email message to all email addresses that are members of that alias, while john.smith@example.com might be an alias that the FortiMail unit translates to j.smith@example.com. In both cases, the FortiMail unit converts the alias in the recipient fields of incoming email messages into the member email addresses of the alias, each of which are the email address of an email user that is locally deliverable on the SMTP server or FortiMail unit.

Aliases can contain both or either local and non-local email addresses as members of the alias. For example, if the local protected domain is mail.example.com, you could create an email address alias whose members are:

  • user1@mail.example.com, which is locally deliverable to the protected domain
  • user1@external.example.net, which is not locally deliverable to the protected domain

Unlike address maps, aliases can be one-to-many relationships between the alias and its members, but cannot be bidirectional — that is, recipient email addresses that are aliases are translated into their member email addresses, but sender email addresses that are members are not translated into aliases.

To access this part of the web UI, your administrator account’s access profile must have Read or Read-Write permission to the Others category.

For details, see “About administrator account permissions and domains” on page 290.

To view and configure alias addresses

  1. Go to User > User Alias > User Alias.

Figure 179:User Alias tab

GUI item Description
Domain Select the name of a protected domain to view email address aliases for that protected domain.

You can see only the domains that are permitted by your administrator profile.

Alias Name Displays the email address of the alias, such as teama@example.com.
Members Displays the email addresses to which the alias will translate, which may be the email addresses of one or more local or non-local email users. Multiple email addresses are comma-delimited.
  1. Either click New to add an alias or double-click an alias to modify it.

A dialog appears. Its features vary with the operation mode.

Figure 180:Configuring an alias (gateway mode and transparent mode)

Figure 181:Configuring an alias (server mode)

  1. For a new alias in all operation modes, enter the local-part (the part before the ‘@’ symbol) of the email address alias in Alias name.
  2. If the FortiMail unit is operating in gateway or transparent mode, do the following:
    • Select the name of its protected domain from the drop-down list next to Alias name. For example, for the alias group1@example.com, you would enter group1 and select example.com.
    • To add members to the alias, in the field to the left of the right arrow button, enter the email address, then click the right arrow button. The email address appears in the Members
    • To remove members from the alias, in the Members area, select one or more email addresses, then click Remove Selected.
  3. If the FortiMail unit is operating in server mode, do the following:
    • Select a protected domain in Select an internal domain.
    • The email addresses of users from the selected domain (that is, local users) appear in the Available users
    • To add local email addresses as members to the alias, select one or more email addresses in the Available users area, then click ->. The email addresses are moved to the Members
    • To add non-local email addresses as members to the alias, enter the email address in the External Email address field, then click -> next to the field. The email address appears in the Members
    • To remove members from the alias, select one or more email addresses in the Members area, then click <- arrow. The email addresses are removed from the Members

Local email addresses return to the Available users area.

  1. Click Create or

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

One thought on “Managing Users

  1. Raj

    I am using FortiGate 5.6.3 and I don’t see any buttons to allow me to export users into a csv file.
    Any help would be appreciated.
    Thanks.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.