Issue:
Remote admin users may log in but receive the incorrect admin profile or wrong VDOM permissions. Attempts to reorder administrators using commands like move <admin_name> <position> do not work because FortiOS does not support positional reordering of admin entries.

Cause:

FortiGate evaluates multiple remote or wildcard administrator accounts based on alphabetical order (A → Z), not creation order or manual sorting. As a result, the wrong admin profile may be applied during login if another entry appears earlier alphabetically.

FortiGate processes and matches remote/wildcard admin entries in alphabetical order. The first entry that matches the login credentials is applied. If another admin entry alphabetically precedes the intended one, it will take priority.

Solution:
Rename the administrator entry so that it appears alphabetically higher than others.
This forces FortiGate to match it first during login.

Use the following commands to rename the admin entry and influence the matching order:

config system admin
    edit STP_admin
        set name AASTP_Admin
    next
end

Use case scenario:

• A remote admin account named SAM_admin needed a higher priority than Global_Admin. 
• Because FortiGate matched Global_Admin first, the wrong admin profile was applied. 
• Renaming the entry to AA_SAM_Admin moved it to the top alphabetically, ensuring correct access rights.

Note:

• Refer to the official wildcard admin documentation: Technical Tip: How to configure multiple remote + wildcard Administrators
• Avoid using unsupported special characters at the start of admin names.
• Implement naming conventions like AA_, AB_, AC_ to maintain long-term order.

Summary:
FortiGate selects remote/wildcard admin accounts strictly based on alphabetical order. To ensure the correct admin profile is matched, rename the administrator entry so that it appears earlier alphabetically.