FortiDLP
FortiDLP is a cloud-native endpoint DLP and insider risk solution for monitoring and preventing data theft on Windows, macOS and Linux endpoints.
lalarcon
Staff
Article Id 414252
Description

This article describes how to associate CSV-imported users with machines in FortiDLP by calling the API from Postman.

Scope

FortiDLP needs a user association when users are imported from CSV. It must associate a user with a machine in order to show events from that machine for that specific user. This is only needed when user data is imported from CSV.

Solution

Associating a CSV-imported user with a workstation requires a series of API calls. Postman or curl can be used to make the association; this article focuses on Postman.

 

First, an access token is needed to query the API. In the DLP tenant, go to FortiDLP -> Admin Settings -> Admin -> Authentication -> Access tokens and create an access token: add a name, choose a Built-in/Administrator Role and copy the token. Treat the token as a credential, since it carries the privileges of the chosen role.

 

Open Postman and create a GET request against the tenant URL. In Authorization, choose Bearer Token and paste the token. Send the request to the following URL: {{FORTIDLPSERVER}}/api/v1/access-tokens.

 

Replace {{FORTIDLPSERVER}} with the tenant URL.

 

Picture1.png

 

Import the user's CSV and search for the user in the DLP console to get the UUID.

Now, go to Users. Search for the name of the CSV user and state = pending_enrollment. Get the UUID from the info sign icon. Copy it and save it.

 

Warning: Images are for reference only.

 

Picture2.png

 

Check the user information using the UUID obtained for the user.

 

In the URI below, replace {{FORTIDLPSERVER}} with the tenant URL and the UUID with the user UUID from the previous step. Use a GET method with the following URI: {{FORTIDLPSERVER}}/api/v2/users/dbda4480-b3d3-39aa-64c3-e383ed1d6456/useruri

 

Use the token in the Authorization panel. Do not forget to add it!

 

Picture3.png

 

Prepare the association by joining user and machine.

 

Get the machine name, the agent ID, or both, to associate with the user UUID.

 

In this example, the machine name is Desktop-MacOS and the agent UID is 'agent://f94ae089-b4d7-4f44-669c-d0e6e7b6ea17@domain'. Keep the word domain after @. Do not change it.

 

Prepare the following request URI with the user UUID, and add a raw message body in Postman.

Replace {{FORTIDLPSERVER}} and the UUID with the current tenant URL and user UUID. Send it as a POST request:

 

{{FORTIDLPSERVER}}/api/v2/users/dbda4480-b3d3-39aa-64c3-e383ed1d6456/useruri

 

 

Picture4.png

 

Add the following raw message in JSON format:

 

{
  "uris": [
    "agent://f94ae089-b4d7-4f44-669c-d0e6e7b6ea17@domain",
    "machinename://Desktop-MacOS"
  ]
}

 

In the association above, the 'agent' entry is the UID of the agent and the 'machinename' entry is the name of the associated machine.

 

In the URI below, replace {{FORTIDLPSERVER}} with the appropriate tenant URL and the UUID with the user's ID. Use a GET method.

{{FORTIDLPSERVER}}/api/v2/users/dbda4480-b3d3-39aa-64c3-e383ed1d6456/useruri

 

Picture5.png

 

Check the association. The result must include the machine name and the agent.

 

Next, check the console to confirm that the association was successful.

 

Picture6.png

 

The user and machine name will now be associated.
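
The POST and the verification GET above can also be scripted with curl, which this article names as an alternative to Postman. The script below is an added example, not Fortinet's code: only the endpoint and JSON body come from the steps above, while the environment variable names FORTIDLP_SERVER and FORTIDLP_TOKEN and all function names are assumptions. It validates the inputs before building the request and passes the token to curl on stdin so that it stays out of the process list.

```shell
#!/bin/sh
# Added example, not Fortinet's code. The endpoint and body shape come from the
# article; FORTIDLP_SERVER and FORTIDLP_TOKEN are assumed variable names.

H='[0-9a-fA-F]'
UUID_RE="$H\{8\}-$H\{4\}-$H\{4\}-$H\{4\}-$H\{12\}"

# Accept only a canonical UUID so nothing else can be spliced into the URL path.
valid_uuid() { expr "x$1" : "x${UUID_RE}\$" >/dev/null; }

# Agent URIs look like agent://<uuid>@domain; the literal "@domain" is kept as is.
valid_agent_uri() { expr "x$1" : "xagent://${UUID_RE}@domain\$" >/dev/null; }

# Restrict machine names to characters that need no JSON escaping.
valid_machine() { expr "x$1" : 'x[A-Za-z0-9._-]\{1,\}$' >/dev/null; }

# Print the JSON body for the POST, or fail if either input is malformed.
build_body() { # usage: build_body AGENT_URI MACHINE_NAME
  valid_agent_uri "$1" && valid_machine "$2" || return 1
  printf '{"uris":["%s","machinename://%s"]}' "$1" "$2"
}

# Call the useruri endpoint. The bearer token is fed to curl on stdin
# (-H @-, curl 7.55.0 or later) so it never appears in the process list.
api() { # usage: api METHOD USER_UUID [JSON_BODY]
  valid_uuid "$2" || { echo "bad user UUID" >&2; return 1; }
  [ -n "$FORTIDLP_SERVER" ] && [ -n "$FORTIDLP_TOKEN" ] ||
    { echo "set FORTIDLP_SERVER and FORTIDLP_TOKEN" >&2; return 1; }
  printf 'Authorization: Bearer %s\n' "$FORTIDLP_TOKEN" |
    curl --fail --silent --show-error -X "$1" -H @- \
      -H 'Content-Type: application/json' ${3:+--data "$3"} \
      "$FORTIDLP_SERVER/api/v2/users/$2/useruri"
}

# POST the association, then GET it back and confirm both URIs are present.
associate() { # usage: associate USER_UUID AGENT_URI MACHINE_NAME
  body=$(build_body "$2" "$3") || { echo "bad agent URI or machine name" >&2; return 1; }
  api POST "$1" "$body" >/dev/null || return 1
  result=$(api GET "$1") || return 1
  case $result in *"$2"*) ;; *) echo "agent URI missing" >&2; return 1 ;; esac
  case $result in *"machinename://$3"*) ;; *) echo "machine name missing" >&2; return 1 ;; esac
  echo "association confirmed for $1"
}

# Runs only when invoked with exactly three arguments:
#   sh associate.sh USER_UUID AGENT_URI MACHINE_NAME
if [ "$#" -eq 3 ]; then associate "$@"; fi
```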
