FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
Sheikh
Staff
Article Id 213506
Description
This article describes how to delegate rights to non-admin account(s) so they can import users/groups from an LDAP server and assign FortiTokens.

Scope
FortiAuthenticator

Solution

1) Log on to FortiAuthenticator, go to System -> Administration -> Admin Profiles and select 'Permissions Sets'.

2) Select 'Create new'.

3) Enter a descriptive name in the 'Name' field.

4) In the Permissions list, either scroll down and select the required permissions, or search the available list so that only the matching entries are shown.

5) Select the required permissions and press the 'Down Arrow' in the middle to move the selected permissions to the 'Chosen User Permissions' box. In this example, it is necessary to select these two permissions and press 'OK':

- Can view LDAP Server.
- Can view remote server settings.

6) After pressing 'OK', it is shown in the Permissions set.

Now select 'Return' in the top menu or select 'Admin Profiles' again in the left menu.

7) Now create an 'Admin Profile' and link this permission set to it.

Select 'Admin profiles' and then select 'Create New'.

8) At this point the 'Admin Profile' and 'Permission sets' are ready. Now link them to the user account(s).

It is possible to either create new accounts or use an existing account.

In this example, a Helpdesk account will be created and this 'Admin Profile' assigned to it.

9) Enter a username and password, ensure that the 'Administrator' role is selected, disable 'Full Permissions', then in the 'Admin Profiles' list select the profile created in the previous steps and select 'OK'.

10) Now log in with this 'Helpdesk' account. It is possible to import users from the LDAP server, change user settings and assign FortiTokens.

11) Now go to Authentication -> Remote Users and select 'Import'.

Select the OU from which to import LDAP users and select 'OK'.

Now, select any user account to modify its settings or assign FortiTokens.

In this example, the 'Ad_Test' account is chosen.

After assigning the FortiToken, select 'OK' to save configurations.

 

Troubleshooting

- Ensure there is connectivity to fortitokenmobile.fortinet.com; otherwise, issues will appear when assigning FortiTokens to users.