Description | This article describes how to override an administrator profile via RADIUS attributes when using a remote_wildcard admin account, with FortiAuthenticator as the RADIUS server. |
Scope | FortiMail. |
Solution |
The 'remote_wildcard' account is an administrator account that can be configured to use an authentication profile for LDAP or RADIUS servers; every account authenticated through this profile can log in to FortiMail as an administrator. By default, all users authenticated through the RADIUS profile log in using the remote_wildcard account and have the same permissions (Admin Profile). Sometimes, however, different permission levels need to be assigned depending on the user credentials. This can be achieved by enabling the option 'Enable remote access override' in the RADIUS Profile (Profile -> Authentication -> Radius):
In this case, FortiMail is configured with the Admin Profiles adminprof1 and adminprof2, which have different permission levels, to be assigned to different RADIUS users (raduser1 and raduser2):
The RADIUS server should be configured to send an attribute (FortiMail expects attribute ID=6, Fortinet-Access-Profile) containing the name of the Admin Profile to use. In FortiAuthenticator, add the RADIUS attribute to each user according to the Admin Profile that user requires:
When the users log in to FortiMail, each is assigned the Admin Profile sent by the RADIUS server, regardless of the Admin Profile assigned to the remote_wildcard account:
If a RADIUS user does not have the RADIUS attribute configured, or the attribute does not match any existing Admin Profile, the user gets the Admin Profile assigned to the remote_wildcard account. |
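The override and fallback rules above can be checked against the attribute section of a captured Access-Accept before relying on them. The following Python sketch is an added example, not Fortinet code: it assumes the attribute is carried as a standard Vendor-Specific attribute under Fortinet's enterprise number 12356, assumes an exact string match on the profile name, and uses a constructed name `wildcard_prof` for the profile assigned to remote_wildcard.

```python
import struct

FORTINET_VENDOR_ID = 12356      # Fortinet's IANA enterprise number
FORTINET_ACCESS_PROFILE = 6     # vendor attribute ID named on this page
VENDOR_SPECIFIC = 26            # RADIUS Vendor-Specific attribute type (RFC 2865)

def vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute (used to build constructed samples)."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def access_profile(attrs):
    """Return the Fortinet-Access-Profile value from raw attribute bytes, or None."""
    i = 0
    while i + 2 <= len(attrs):
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("malformed RADIUS attribute")
        body = attrs[i + 2:i + a_len]
        i += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 6:
            continue
        if struct.unpack("!I", body[:4])[0] != FORTINET_VENDOR_ID:
            continue
        j = 4
        while j + 2 <= len(body):          # walk the vendor sub-attributes
            v_type, v_len = body[j], body[j + 1]
            if v_len < 2 or j + v_len > len(body):
                raise ValueError("malformed vendor sub-attribute")
            if v_type == FORTINET_ACCESS_PROFILE:
                return body[j + 2:j + v_len].decode("utf-8", "replace")
            j += v_len
    return None

def effective_profile(attrs, local_profiles, wildcard_profile):
    """Apply the page's rule: use the sent profile if it exists, else the wildcard's.
    Exact, case-sensitive matching is an assumption of this example."""
    sent = access_profile(attrs)
    return sent if sent in local_profiles else wildcard_profile

# Constructed samples: attribute sections of three Access-Accept replies.
PROFILES = {"adminprof1", "adminprof2"}
raduser1 = vsa(FORTINET_VENDOR_ID, FORTINET_ACCESS_PROFILE, b"adminprof1")
typo = vsa(FORTINET_VENDOR_ID, FORTINET_ACCESS_PROFILE, b"adminprof3")
no_attr = bytes([1, 10]) + b"raduser2"   # only a User-Name attribute

if __name__ == "__main__":
    for name, raw in [("raduser1", raduser1), ("typo", typo), ("no_attr", no_attr)]:
        print(name, "->", effective_profile(raw, PROFILES, "wildcard_prof"))
```

Because a missing or mismatched attribute falls back to the remote_wildcard profile rather than rejecting the login, the `typo` and `no_attr` cases show that the profile assigned to remote_wildcard determines what a misconfigured RADIUS user receives.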
Copyright 2025 Fortinet, Inc. All Rights Reserved.