Technical Tip: IAM account for FortiIdentity Cloud
Description
This article describes how to create IAM account users to access FortiIdentity Cloud with the right permissions.
Scope
FortiIdentity Cloud (formerly FortiTokenCloud).
Solution
Access to FortiIdentity Cloud is managed by FortiCloud SSO authentication. A login request is redirected to FortiCloud, where it is possible to log in with an Alias, username, and password, after which the system grants access to FortiIdentity Cloud.
- Log in to the Support portal. On Services, select IAM -> Users -> Add New user.
Figure 1. Creating new IAM account
- On Services, select IAM -> Permissions Profile. Here it is possible to select all the products the account should be able to log in to, and to create a new user. After the user is created, select which Permission Profile to configure for the selected products, and assign this permission profile to the user created.
- A new Permission Profile named TestProfile has been created, with FortiIdentity Cloud selected as a product on the Permission Profile.
Figure 2. Creating new Profiles
- A new user, genci, has been created and the above profile assigned as its permission profile.
Figure 3. Adding user to profile created before
- After the account is created, it is possible to select 'Generate Password', and a new Login link will be generated. It is possible to reset the password through the link the user created.
Figure 4. Generating link to reset password
- Log in to Support, select IAM login, and specify Account ID/Alias, username, and password.
Figure 5. Login with IAM user
FortiCloud will return an 'Unauthorized' error, since permission to access has only been given to the FortiIdentity Cloud portal.
Figure 6. Unauthorized access
- It is necessary to log in to the FortiIdentity Cloud portal https://ftc.fortinet.com with the admin account and create the same user as a sub_admin account, so that it has the right permissions to read all fields on the FortiIdentity Cloud GUI.
Go to Administrator -> Add Admin Group, select the user as part of this group, and on Managed Realms select the default realm.
Figure 7. Add user as part of Admin Group in FortiIdentity Cloud
- Test the result: log in with this user, genci.
Figure 8. Login with user in FortiIdentity Cloud
