Help
Blogs

Lacework FortiCNAPP: Activating the Master Account Owner in FortiCare after migration from Zendesk

oholecek_FTNT
Staff
Staff
‎06-11-2025 06:27 AM

Background

 

We are migrating existing Lacework customers from our current Lacework support portal (Zendesk) to the FortiCare support portal to service all support requests for the Lacework FortiCNAPP product. This migration doesn’t change how you access the Lacework platform—it only affects how support tickets are submitted.

 

While the existing users of the Lacework support portal have been migrated to FortiCare, they remain inactive by default. To enable support access in FortiCare, the "Master Account Owner" must complete the steps outlined below.

 

A Master Account Owner account is the administrator for an organization in FortiCare. This account was created for all Lacework customers who had an existing Lacework instance as of February 15, 2025. The Master Account Owner’s email address was provided to Lacework when the subscription was activated.

 

An Identity & Access Management (IAM) User is an individual identity created within the organization that can be assigned granular roles and access permissions. If these users were already leveraging the Lacework support portal (Zendesk) they have also been migrated over to the FortiCare support portal.

 

This guide is based on FortiCare accounts that do not contain any sub-accounts (although they do contain IAM users). If your Lacework platform supports multiple sub-accounts, it would be migrated with the FortiCare Organization Portal enabled. Steps in this article are still valid, an additional resource would be to refer to our Organization Portal document.

 

In addition to the article, there are multiple manuals for FortiCloud management in our public documentation. The most important ones would be the Identity & Access Management (IAM) document, which describes how to manage users and permissions, and the Asset Management document, which explains how to manage devices and subscriptions. 

 

Confirm migrated account

The following steps are also presented in our Lacework Migration - Logging in to FortiCloud as the Master Account owner video guide.

 

Please be aware that you need to use the "Create Account" feature when logging in to FortiCloud for the first time with the migrated Master Account. This step confirms the migrated account and is essential to complete before proceeding with any further steps. The fact that your user has actually been migrated will be recognized later in the process.

 

  • Navigate to https://support.fortinet.com
  • Click "Create Account"
  • Enter your email address
    • This must be the email provided to Lacework during subscription activation
    • If you do not know the Master Account Owner’s email address for your company, you need to contact Fortinet Customer Service by phone
  • Verify the captcha and click "Get Email Verification Code"
    • Enter the verification code sent to your email and click "Next"
  • Set a new password for your user
  • The next page will show "You Already Have A FortiCloud Account!"
    • This is a crucial and expected part of the process
    • If you do not see this message, the email you entered is not the Master Account Owner's email migrated from Lacework, and you need to contact Fortinet Customer Service by phone
  • Click "Next" to finalize this step

 

Login to FortiCloud as Master Account Owner

The following steps are also presented in our Lacework Migration - Logging in to FortiCloud as the Master Account owner video guide, starting at 02:00.

 

  • Navigate to https://support.fortinet.com and click "Log in" button
  • Select the "Email user" checkbox
    • This is an important step when logging in as Master Account Owner
    • Do not use the "IAM user" option when logging in as the Master Account Owner
  • Enter your email address and password from previous step
  • You will receive a new authentication code via email, which you must enter into the "Security Code" field
  • Click the "Go" button to complete the login to FortiCloud

 

Confirm FortiCNAPP license

This is not a mandatory step, and its only purpose is to verify that we have successfully migrated your license.

 

  • Log in to FortiCloud following the previous step
  • Under "Asset Management" portal, select "Account Services" from the left menu
    • If you are logging in for the first time, you will land on "Asset Management" portal automatically
    • In the case you did not, click the "Services" in the top menu and select "Asset Management"
  • Locate the line with "Service Name" being "Lacework FortiCNAPP" and click on the Serial Number
    • Lacework FortiCNAPP serial numbers always start with "FLACWK"
  • In the "Registered Support Contract(s)" section, you will find the number of seats (vCPUs) purchased
  • If the number does not match your expectations, contact Fortinet Customer Service by phone

 

Verify permission profile for your IAM users

The following steps are also presented in our Lacework Migration - How to set up and enable migrated IAM users video guide.

 

Locally configured users in the Lacework platform have been migrated as IAM users in FortiCloud. However, those users cannot log in to FortiCloud until you reset their password in the next step. Be aware that users connected to the Lacework platform using an external IdP are not migrated to FortiCloud.

 

After this procedure, your IAM users will be able to manage support tickets and/or log in to Lacework via FortiCloud, depending on how you configure their access.

 

  • Log in to FortiCloud as described in previous step
  • Select the "IAM" portal from the "Services" menu
  • Select "Users" from the left menu
    • You will see all the users that we have migrated
    • We automatically created a "Support User" permission profile, that we assigned to every migrated IAM user
  • Select "Permission Profiles" from the left menu and click on the "Support User" profile
    • By default, any user with this assigned profile can create and manage support tickets
    • You can stop here if this is all you want
  • If you want your users to also log in to Lacework FortiCNAPP via FortiCloud, click "Edit", then "Add Portal" and add "Lacework FortiCNAPP"
    • Enable the "Access" checkbox and select the desired "Access Type"
    • Then click the "Update" button to confirm this change

 

Be aware that this does not affect the old way of logging in, where valid users can request the email login link directly from the Lacework FortiCNAPP portal.

 

Reset migrated IAM users passwords

The following steps are also presented in our Lacework Migration - How to set up and enable migrated IAM users video guide, starting at 02:18.

 

  • Log in to FortiCloud as described in one of the previous steps
  • Select the "IAM" portal from the "Services" menu
  • Select "Users" from the left menu
  • Click on the username of the user you want to reset the password for
  • Switch to the "Security Credentials" tab
  • Click "Generate Password"
    • Be aware that the system does not send any email automatically
    • Copy the generated link
  • Find the "Account ID" by clicking on your account in the top right corner

    • In our example the account ID is 2113355, as shown in the screenshot below

    • Account ID in your case it will be different

       

      forticare-account-id.png

  • Send the "Account ID" and reset link to the user using email or any other secure way
  • It might also be helpful to send a link to the article Creating your first support ticket in FortiCare after migration from Zendesk, which describes how IAM users can log in and manage support tickets
0 Kudos
Popular Articles
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.