Hello Daniele,
I found this solution. Can you tell us if it helps, please?
To configure a secret with domain credentials in FortiPAM and use it across multiple servers, you can follow these steps:
Step-by-Step Configuration
- Create a Secret with Domain Credentials:
  - Navigate to Secrets > Secrets.
  - Click on Create to open the Select a Secret Template window.
  - In the Windows pane, select Windows Domain Account.
  - Fill in the necessary fields:
    - Name: Enter a name for the secret.
    - Target: Select the Windows AD server.
    - Associated Secret: Enable this option and select Smart Association from the dropdown.
    - Account Prefix: Enter "fortipam".
    - Fields:
      - Username: Enter the domain username.
      - Password: Enter and confirm the password.
  - Click Submit to create the secret.
- Use the Secret in Other Windows/SSH Secrets:
  - For each server or target where you want to use the domain credentials:
    - Navigate to the Secrets section.
    - Select the appropriate secret template (e.g., Windows or SSH).
    - In the Target field, select the server or target.
    - Enable Associated Secret and choose the previously created domain credentials secret from your personal folder.
    - Complete any additional required fields specific to the server or target.
- Share Secrets in the Public Folder:
  - Move or copy the secrets to the public folder to share them with other users.
  - Ensure that the permissions are set correctly so that other users can access and use the secrets.
Considerations
- Local Users in FortiPAM: Ensure that each user in FortiPAM is set up as a local user. This setup is necessary for managing individual domain credentials.
- Smart Associations: If you encounter difficulties with smart associations, verify that the associated secret is correctly linked and that the target servers are properly configured to accept the domain credentials.
Follow-ups and Clarification Questions
- Are there specific error messages or issues you encounter when using smart associations?
- Do you need guidance on setting permissions for shared secrets in the public folder?
- Would you like more detailed instructions on configuring local users in FortiPAM?
If you need further assistance, please provide additional details about the difficulties you're experiencing with smart associations.