Configuring IBE authentication
When mail recipients of the IBE domains access the FortiMail unit after receiving a secure mail notification:
- recipients of the IBE domains without LDAP authentication profiles need to register to view the email
- recipients of the IBE domains with LDAP authentication profiles just need to authenticate because the FortiMail unit can query the LDAP servers for authentication information based on the LDAP profile
In both cases, the FortiMail unit will record the domain names of the recipients who register or authenticate on it under the IBE Domain tab. For details, see “Viewing and managing IBE domains” on page 451.
Go to User > IBE User > IBE Authentication to bind domains with LDAP authentication profiles with which the FortiMail unit can query the LDAP servers for authentication, email address mappings, and more. For more information about LDAP profiles, see “Configuring LDAP profiles” on page 548.
Figure 187:IBE Authentication
To configure IBE authentication rules 1. Go to User > IBE User > IBE Authentication.
- Configure the following and click Create.
| GUI item | Description |
| Domain pattern | Enter a domain name that you want to bind to an LDAP authentication profile.
If you want all IBE users to authenticate through an LDAP profile and do not want other non-LDAP-authenticated users to get registered on FortiMail, you can use wildcard * for the domain name and then bind it to an LDAP profile. For more information about LDAP profiles, see “Configuring LDAP profiles” on page 548. |
| LDAP profile | Select the LDAP profile you want to use to authenticate the domain users. |
| Status | Select to enable this rule. |
Viewing and managing IBE domains
The FortiMail unit records the domain names of the recipients who register or authenticate on FortiMail.
To view those domains, go to User > IBE User > IBE Domain.
| GUI item | Description |
| Delete
(button) |
Select to remove a selected domain.
Deleting a domain also disables all its users. These users cannot access the FortiMail unit until they receive new secure mail notifications from the FortiMail unit. |
| Remove All
Users (button) |
Select to delete all mail users in a selected domain. These users cannot access the FortiMail unit until they receive new secure mail notifications from the FortiMail unit. |
| Search
(button) |
Select to search IBE domains. A search dialog appears. |
| Active User
Count |
Displays the active mail users in a domain. For more information about active users, see “Configuring active users” on page 447. |
| Expired User Count | Displays the expired mail users in a domain. For more information about active users, see “Configuring expired users” on page 448. |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
I am using FortiGate 5.6.3 and I don’t see any buttons to allow me to export users into a csv file.
Any help would be appreciated.
Thanks.