FortiSASE
jiahoong112
Staff
Article Id 340898
Description

This article describes how to resolve the ‘user login failed’ error message that appears when logging into a FortiSASE instance.

The error is caused by a recent change announced at https://status.fortisase.com, where sub-users have been deprecated in FortiCare/FortiCloud and must be migrated to IAM users:

jiahoong112_0-1726107373306.png

It is advisable to ‘SUBSCRIBE TO UPDATES’ on the FortiSASE Status page. The migration from sub-user to IAM user can only be done through the Master Account.

Scope

FortiSASE, FortiCloud.

Solution
  1. Log into the Fortinet Support Portal (support.fortinet.com) using the master account. Go to Services -> IAM.
  2. Create a new Permission Profile: give it a name, select Organization as the Type, and select Add Portal. Grant access and permissions to the following categories; the rest can also be included. Select Submit to apply the setting.

    Note: The default SysAdmin permission profile will not work.

Screenshot 2024-09-26 143508.png

jiahoong112_1-1726107390114.png

jiahoong112_2-1726107390119.png

  3. Create a User Group. Go to User Groups -> Add IAM User Group. Give the user group a name and select the Permission Profile that was just created.

jiahoong112_3-1726107390124.png

     • Select Next until the Confirm button can be selected.

 

  4. Select Migrate Sub Users and follow the steps in this link: Migrating sub users
    During the migration, be sure to select Yes under ‘Do you want your permission controlled by an IAM User Group?’.

 

  5. After migration, generate a password reset link for each newly migrated sub-user; the password must be reset this way. Go to Users and select the user. Browse to the Security Credentials tab and select Generate. Send the link to the user so that the password can be reset. This step is mandatory; otherwise, it will not be possible to log into the IAM user account. Refer here: Adding IAM users.

  6. After completing the steps above, log into the Fortinet Support Portal/FortiCloud, etc. as an IAM User.
    The IAM account ID can be found here (only the number is required):

jiahoong112_4-1726107390125.png

 

  7. After the above is set, users will be able to log into their accounts. By default, 2FA tokens are delivered via email, but FortiToken can also be used. After migrating to the IAM user, follow this link to use FortiToken for 2FA again: Enabling Two-Factor Authentication.