FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
shikhakolekar
Article Id 370058

Description

 

This article describes how to delete users on FortiPAM and resolve the common error 'Enabled User Number Exceeds Licensed'.

 

This error is commonly seen after a license renewal in which the new FortiPAM license allows fewer user seats than the number of FortiPAM users already created on the system.

An example of how this can happen on a FortiPAM VM:

  • FC5-10-PAVUL-591-02-12 license applied (supports up to 249 user seats).
  • 140 users created on FortiPAM.
  • FC4-10-PAVUL-591-02-12 license applied during next license renewal (supports up to 99 users).

 

Scope

 

FortiPAM

 

Solution

 

To resolve this issue, the excess users that exceed the licensed count must be deleted from FortiPAM through CLI access to the unit.

 

Step 1: List the existing FortiPAM users. Either of the commands below can be used, depending on the level of detail needed:

 

  show system admin

    edit "admin"
        set accprofile "super_admin"
        .....
        set password xxvvvtyzijkbcetgs
        .....

    edit "test"
        set accprofile "Default Administrator"

  get system admin | grep name

    name: admin id: 50331649
    name: test id: 50331650

  

 

This lists the users currently on the unit; in this example, two users are registered. Attempting to delete a user directly produces the following error:

 

  config system admin

    (admin) # delete test
    The entry is used by other 1 entries
    Command fail. Return code -23

 

The deletion fails because FortiPAM keeps a personal secret folder for each user, and that folder still references the user being deleted. Other dependencies (group memberships, etc.) may also need to be resolved first; this article covers the simple case of a single personal folder per user.

 

Step 2: Navigate to the secret folders and list them:

 

    config secret folder

    show

 

This lists the folders, including the personal folder associated with each user:


    edit 1
        set name "admin"
        ....

    edit 2
        set name "test"
        ....

 

Step 3: Delete the folder that belongs to the user by entering its ID. The available folder IDs are listed with their names:

 

    (admin) # delete
       id Folder ID.
         1 admin
         2 test

    (admin) # delete 2

 

This deletes the user's personal secret folder. Before running the delete, verify that the folder holds no secrets that are still needed; move any that are to another folder first.

 

Step 4: Delete the user, which is no longer blocked by the folder dependency:

 

     config system admin

     delete test

 

In this example the user 'test' has now been deleted. Repeat the procedure for every user that must be removed, until the number of enabled users is within the licensed seat count.
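The procedure above is easy to get wrong when many users must be removed, because each user's personal folder has to be deleted before the user itself. The following Python helper is an added example, not part of this article or of FortiPAM: it parses the output of 'get system admin | grep name' and of 'show' under 'config secret folder', reports how many users exceed a given license seat cap, and emits the CLI lines in the correct dependency order. The sample CLI output embedded below is constructed; the 'next'/'end' keywords follow the usual FortiOS-style config layout and are assumed, as is the convention that a user's personal folder carries the user's name (which is what the article's example shows).

```python
"""
Added example (not from the FortiPAM article or Fortinet).

Parses constructed copies of the two CLI outputs used in the article, checks
the user count against a license seat cap, and generates the delete sequence
(personal secret folder first, then the admin entry) for chosen users.
"""
import re
from typing import Dict, List, Sequence

# Constructed sample output of:  get system admin | grep name
GET_ADMIN_OUTPUT = """\
name: admin id: 50331649
name: test id: 50331650
name: auditor id: 50331651
"""

# Constructed sample output of:  config secret folder / show
# ('next' and 'end' are assumed FortiOS-style layout keywords.)
SHOW_FOLDER_OUTPUT = """\
config secret folder
    edit 1
        set name "admin"
    next
    edit 2
        set name "test"
    next
    edit 3
        set name "auditor"
    next
end
"""


def parse_admins(text: str) -> Dict[str, int]:
    """Map admin name -> numeric id from 'get system admin | grep name'."""
    admins: Dict[str, int] = {}
    for m in re.finditer(r"^name:\s*(\S+)\s+id:\s*(\d+)\s*$", text, re.M):
        admins[m.group(1)] = int(m.group(2))
    return admins


def parse_folders(text: str) -> Dict[str, int]:
    """Map folder name -> folder id from 'show' under 'config secret folder'."""
    folders: Dict[str, int] = {}
    current = None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"^edit\s+(\d+)$", s)
        if m:
            current = int(m.group(1))
            continue
        m = re.match(r'^set name "(.*)"$', s)
        if m and current is not None:
            folders[m.group(1)] = current
        elif s in ("next", "end"):
            current = None
    return folders


def excess_users(admins: Dict[str, int], seat_cap: int) -> int:
    """Number of users that must be removed to fit under the licensed seats."""
    return max(0, len(admins) - seat_cap)


def deletion_plan(admins: Dict[str, int], folders: Dict[str, int],
                  to_delete: Sequence[str],
                  protect: Sequence[str] = ("admin",)) -> List[str]:
    """CLI lines that delete each user's personal folder, then the user.

    Raises if asked to delete a protected account (default: 'admin') or a
    user that does not exist, so a typo cannot silently remove the wrong
    entry. Assumes the personal folder is named after the user.
    """
    lines: List[str] = []
    for user in to_delete:
        if user in protect:
            raise ValueError(f"refusing to delete protected user {user!r}")
        if user not in admins:
            raise KeyError(f"unknown user {user!r}")
        if user in folders:  # dependency: personal folder must go first
            lines += ["config secret folder", f"    delete {folders[user]}", "end"]
        lines += ["config system admin", f"    delete {user}", "end"]
    return lines


if __name__ == "__main__":
    admins = parse_admins(GET_ADMIN_OUTPUT)
    folders = parse_folders(SHOW_FOLDER_OUTPUT)
    cap = 2  # hypothetical seat cap for the demonstration
    print(f"{len(admins)} users, cap {cap}: remove {excess_users(admins, cap)}")
    print("\n".join(deletion_plan(admins, folders, ["test"])))
```

The generated lines are meant to be reviewed and then pasted into the CLI; the script deliberately does not connect to the unit. Which users to drop is an operator decision, so the helper only reports the excess count and refuses to touch the protected 'admin' account.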