show sys admin user Log on FMG
config system admin user
edit "Log on FMG"
set profileid "Super_User"
set adom "all_adoms"
set policy-package
set user_type radius
set radius_server "Win16"
config meta-data
edit "Contact Email"
next
edit "Contact Phone"
next
end
set wildcard enable
set ext-auth-accprofile-override enable
set ext-auth-adom-override enable
set ext-auth-group-match "fmg_faz_admin"
config dashboard
edit 1
set name "System Information"
set column 1
set refresh-interval 0
set tabid 1
set widget-type sysinfo
next
config system admin user
edit "Log_On_FMG_2"
set profileid "Super_User"
set adom "all_adoms"
set policy-package
set user_type radius
set radius_server "Win16"
config meta-data
edit "Contact Email"
next
edit "Contact Phone"
next
end
set wildcard enable
set ext-auth-accprofile-override enable
set ext-auth-adom-override enable
set ext-auth-group-match "Non_fmg_admin"
config dashboard
edit 1
set name "System Information"
Configure the Windows RADIUS server with 2 users:
- Username: fortinet, part of Group1 on the RADIUS server
- Username: fortinet2, part of Group2 on the RADIUS server
Configure 2 policies on the RADIUS server so that when a user logs in with the username fortinet, the RADIUS server sends the following attributes: fmg_faz_admins, Super_User, root
When a user logs in with the username fortinet2, the RADIUS server sends the following attributes: Non_fmg_admin, Super_User, root
Now log in to the FortiManager with username fortinet2, create a session, and submit it.
Then log in to the FortiManager with username fortinet and approve the session created by fortinet2.
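A consistency check between the ext-auth-group-match values in the configuration above and the group strings the two RADIUS policies return, as an added example that is not part of the original article or Fortinet's tooling. It assumes the group string is compared for exact equality; parse_admins, map_users and the sample data are constructed for illustration, and with the values as printed on this page it reports no wildcard admin for fortinet (fmg_faz_admins versus fmg_faz_admin).

```python
import re

# Constructed sample: the page's two wildcard admins, cut down to the settings read here.
SAMPLE_CONFIG = '''
config system admin user
    edit "Log on FMG"
        config meta-data
            edit "Contact Email"
            next
        end
        set wildcard enable
        set ext-auth-group-match "fmg_faz_admin"
    next
    edit "Log_On_FMG_2"
        set wildcard enable
        set ext-auth-group-match "Non_fmg_admin"
    next
end
'''
# Group value each RADIUS policy sends, copied from the steps above.
RADIUS_GROUPS = {"fortinet": "fmg_faz_admins", "fortinet2": "Non_fmg_admin"}


def parse_admins(text):
    """Map admin name -> settings, skipping nested config blocks."""
    admins, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "(.+)"$', line)):
            current = admins.setdefault(m.group(1), {})
        elif depth == 1 and current is not None:
            if m := re.match(r'set (\S+) "?([^"]*)"?$', line):
                current[m.group(1)] = m.group(2)
    return admins


def map_users(admins, radius_groups):
    """Assumption: a login maps to the wildcard admin whose
    ext-auth-group-match equals the returned group string exactly."""
    by_group = {a["ext-auth-group-match"]: name for name, a in admins.items()
                if a.get("wildcard") == "enable" and "ext-auth-group-match" in a}
    return {user: by_group.get(group) for user, group in radius_groups.items()}


if __name__ == "__main__":
    print(map_users(parse_admins(SAMPLE_CONFIG), RADIUS_GROUPS))
```

A None result marks a RADIUS policy whose group string matches no wildcard admin, which is worth resolving before relying on the submit and approve workflow.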
We can verify which user got which template by running the following command on the FMG CLI:
Copyright 2024 Fortinet, Inc. All Rights Reserved.