Skip to main content
OnlineGeek
OnlineGeek
New Member
April 20, 2020
Question

Guest wifi user authentication

  • April 20, 2020
  • 1 reply
  • 6127 views

I know that I can create a guest wifi and apply a captive portal but I'd like to apply one where a user needs to enter their name and password. As the Admin, I would then be able to approve or deny their access to the guest wifi.... is this possible?

    1 reply

    xsilver_FTNT
    Staff
    xsilver_FTNT
    Staff
    April 30, 2020

    Hi,

    this is not possible on FortiOS AFAIK. There is only email collecting portal.

    However the FortiOS does have external captive portal option .. so you can actually write your own portal, like web app to collect and approve users.

     

    Or, there is Account Registration -> Require Admin Approval option on FortiAuthenticator in portal config.

    See screenshot - https://www.dropbox.com/s...tration.png?dl=0 

    sw2090
    SuperUser
    sw2090
    SuperUser
    May 19, 2020

    hm

    I found https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/981270/creating-security-policies-for-different-users

     

    This says if you set a policy to require a specific user or usergroup the FGT will prompt you with a login screen once you match that policy. This should work for guest wifi too.

    Thus there is no user registration that can be used by users. This will require an admin to create the user and add to groups if required.

    So might not be a full guest wifi portal as you know it but maye it meets your requirements?

    xsilver_FTNT
    Staff
    xsilver_FTNT
    Staff
    May 20, 2020

    Maybe I just misunderstood that ..  "where a user needs to enter their name and password. As the Admin, I would then be able to approve or deny their access to the guest wifi".

     

    I thought that idea is that the guest users will apply/enroll themselves somehow and admin later then approve their ability to log into the guest wifi.

    Sure you can, as admin, or guest manager/sponsor, create bunch of guest accounts in advance and then distribute those. Like hotel receptionist giving you temporary access while you stay in. In this case you can make those users into guest groups on FGT or your back end auth server (LDAP/RADIUS/TACACS+/Kerberos) and use either captive portal on interface or group in policy which will then spring the auth according to settings when needed. But that seemed to me a bit too much pre-fabricated, as you are basically granting access to those users in advance, not when they enroll .. "enter their name and password".

    Terms & ConditionsAccessibility statement