FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 195152

Description

 

This article describes solutions for tracking logged-in users. Tracking the logged-on user allows the administrator to:

  • Assign policies for endpoint compliance and/or network access based on user criteria.
  • Track who is logged into the computer at any given time.
 
The currently logged-on user for any given host can be accessed from the Administration UI under Hosts -> Host View.
 
Additional configuration is required to collect user login information.  

 

Scope

 

Version: FortiNAC v9.x, F v7.x.

Solution


Configuration options:

  • Use an Authentication VLAN and force users into a captive portal: Requires the user to enter credentials in the Captive Portal. This may result in a second login and will cause a VLAN switch once credentials are supplied in the portal.
  • Utilize the Persistent Agent credentials dialog: Requires the user to enter credentials via pop-up dialogue from the installed Persistent Agent. This method may result in a second login and may also result in a VLAN switch depending upon Authentication policy configuration. For details, refer to the Persistent Agent Configuration and Deployment reference manual in the Fortinet Document Library FortiNAC-F.
  • Single Sign On function in the Windows or macOS Persistent Agent: For details, refer to the Persistent Agent Configuration and Deployment reference manual in the Fortinet Document Library FortiNAC-F.
    Note: macOS requires agent version 10.7.0.2 or greater.
    For some technical tips, refer to: Technical Tip: FortiNAC v7.6 LDAP group membership based on 'User' or 'Device' type Registration
  • RADIUS 802.1x Authentication: The user name is tracked as long as the EAP type configured in the host supplicant identifies the user (such as with PEAP). If the user name is encrypted or not provided (such as with EAP TTLS or EAP TLS), the name cannot be identified.
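
For the RADIUS 802.1x option, the following added example (not FortiNAC code and not part of the original article) parses a RADIUS Access-Request and reports the identity that is visible in the clear, which is the only name a RADIUS server has available for user tracking. It assumes tracking relies on the User-Name attribute or the EAP-Response/Identity; the function names, the classification heuristic and the sample packets are constructed for illustration.

```python
import struct

USER_NAME, EAP_MESSAGE = 1, 79      # RADIUS attribute types (RFC 2865 / RFC 3579)
EAP_RESPONSE, EAP_IDENTITY = 2, 1   # EAP code and type (RFC 3748)

def attributes(packet: bytes):
    """Yield (type, value) for every attribute of a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS header or length field")
    pos = 20                        # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        yield packet[pos], packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]

def visible_identity(packet: bytes):
    """Return (User-Name, EAP identity) exactly as sent in the clear."""
    user_name, eap = None, b""
    for atype, value in attributes(packet):
        if atype == USER_NAME:
            user_name = value.decode("utf-8", "replace")
        elif atype == EAP_MESSAGE:  # one EAP packet may span several attributes
            eap += value
    if len(eap) < 5 or eap[0] != EAP_RESPONSE or eap[4] != EAP_IDENTITY:
        return user_name, None
    return user_name, eap[5:struct.unpack("!H", eap[2:4])[0]].decode("utf-8", "replace")

def classify(name):
    """Heuristic (assumption): what an outer identity reveals to the server."""
    if not name:
        return "none"
    if name.lower().startswith("host/"):
        return "machine"            # Windows computer authentication format
    local = name.split("@", 1)[0].lower()
    return "anonymous" if local in ("", "anonymous") else "user"

def sample_request(identity: str) -> bytes:
    """Constructed Access-Request carrying an EAP-Response/Identity."""
    ident = identity.encode()
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(ident), EAP_IDENTITY) + ident
    attrs = bytes([USER_NAME, 2 + len(ident)]) + ident + bytes([EAP_MESSAGE, 2 + len(eap)]) + eap
    return struct.pack("!BBH", 1, 7, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    for who in ("jsmith@example.com", "anonymous@example.com", "host/pc01.example.com"):
        print(who, "->", classify(visible_identity(sample_request(who))[0]))
```

A supplicant whose outer identity classifies as "anonymous" or "none" gives the server no user name to record, regardless of what is exchanged inside the encrypted tunnel.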


Related article:

Technical Tip: Domain macOS machines do not show logged in user