FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
jasonhong
Staff & Editor
Article Id 330490
Description

This article describes the new system admin profile 'ADOM Scoped Admin' introduced in version 7.6.

Scope

FortiManager 7.6.

Solution
  1. Starting with FortiManager version 7.6, a new system admin profile, 'ADOM Scoped Admin', is introduced. Users assigned the 'ADOM Scoped Admin' system admin profile can manage administrators within their own ADOM.
  2. The 'ADOM Scoped Admin' system admin profile can be created under System Settings -> Admin Profiles -> Create New -> Type -> ADOM Scoped Admin.

createadminprof.png

 

Alternatively, use the following CLI command to create the 'ADOM Scoped Admin' system admin profile.

 

config system admin profile
    edit <profile>
        set adom-admin {enable}
end

 

  3. The 'ADOM Scoped Admin' system admin profile can only be assigned to users with a single specific ADOM. Below is an example of how to create a user and assign the 'ADOM Scoped Admin' system admin profile named adom_admin_profile_1 to a single ADOM (adom_1).

    createadmin.png

  4. For this demonstration, two 'ADOM Scoped Admin' system admin profiles are created (adom_admin_profile_1 and adom_admin_profile_2), and the following administrators are assigned to them.

    3admin.png

  5. Since test_admin_1 and test_admin_2 are both assigned the same 'ADOM Scoped Admin' system admin profile, adom_admin_profile_1, logging in to FortiManager as either user allows that user to manage the administrators within the respective ADOM. The user test_admin_3 is not visible and cannot be managed, since it is not assigned the same 'ADOM Scoped Admin' system admin profile adom_admin_profile_1.

    2admin.png
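
For reviewing who holds these delegated rights, the following added example (not part of the original article and not Fortinet code) parses a saved configuration and lists, for each profile with adom-admin enabled, the administrators assigned to it. The sample text is constructed; the `config system admin user` stanza layout, its `set profileid` line, and the assignment of test_admin_3 to adom_admin_profile_2 are assumptions.

```python
import shlex

# Constructed sample config; `set profileid` in the user stanza is an assumption.
SAMPLE = """
config system admin profile
    edit "adom_admin_profile_1"
        set adom-admin enable
    next
    edit "adom_admin_profile_2"
        set adom-admin enable
    next
end
config system admin user
    edit "test_admin_1"
        set profileid "adom_admin_profile_1"
    next
    edit "test_admin_2"
        set profileid "adom_admin_profile_1"
    next
    edit "test_admin_3"
        set profileid "adom_admin_profile_2"
    next
end
"""

def parse_tables(text):
    """Parse top-level config/edit/set stanzas; nested sub-tables are skipped."""
    tables, table, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and len(tok) > 2 and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return tables

def scoped_admin_holders(text):
    """Map each profile with adom-admin enabled to the admins that hold it."""
    tables = parse_tables(text)
    users = tables.get("system admin user", {})
    return {p: [u for u, c in users.items() if c.get("profileid") == p]
            for p, cfg in tables.get("system admin profile", {}).items()
            if cfg.get("adom-admin") == "enable"}
```

Calling `scoped_admin_holders()` on a configuration backup gives the list of accounts able to manage other administrators in their ADOM, which can be compared against the intended delegation.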

 

Troubleshooting

 

The following CLI commands are used for troubleshooting admin login issues on FortiManager/FortiAnalyzer:

diagnose debug application auth 8
diagnose debug en

After debugging, remember to reset and disable the debug commands:

diag debug reset
diag debug disable