FortiNAC Device Limitation

Forum|Forum|2 months ago
April 1, 2026
1 reply
126 views

Currently for contractor user the fortinac will use captive portal using entra ID before gain access to the network.

If I only use SSO for the authentication then same contractor user can use any workstation to access the network. Some one here know can we limit the device for single user, example using mac address restriction?
I try register manually the devices and assign the device to group named 'Contractor' then if this device plugged to the switch then fortinac open the capive portal and showing the device was registered, the captive portal not bring to login page.

FortiNAC

ebilcari

Staff

This can currently be done on a per user basis, as shown below:

limit host.png

There is also a global settings, but that will affect all the Users in the setup:

host-user global.png

Emirjon

HS08Author

Visitor III

Can we make an group contain the device mac address, so all contractor only can login to the entra thru captive potral only for mac address listed in that group?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded