Hi,
I work for an org which prefers to control authentication and provisioning of accounts by AD. However, we have multi-tier access where some people get super_user, others just standard, etc. Some might even be assigned to a specific ADOM. All of this would be based on AD group.
When reading the documentation, it looks like I can only set the wildcard to one user (tried it in practice and more than one causes an auth error). So what I am looking for is maybe switching to RADIUS auth, but I still cannot figure out how to assign permissions dynamically based on the user. There is the "Fortinet-Group-Name" attribute, but I am not sure how I would use it here since the FortiManager does not have groups.
I cannot imagine we are the only ones who prefer to do it this way. Otherwise every new staff member would be a huge checklist to go fiddle with each system like the FortiManager.
Hm, I set up our FortiManager to do login either with its local admin (to have some fallback) or with a user in our AD. I tied the login to a specific AD user group. Works smoothly here with FMG and also with FGTs.
Here is a Fortinet doc about this: https://pub.kb.fortinet.com/Platform/Publishing/809/FD37328_f.1.html
hth
Sebastian
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams