Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bb
New Contributor

Created on ‎02-27-2015 05:20 AM

account purging

Hi

Is it possible to delete an account from the FAC database that has been locked due to inactivity?

i.e. an account expires after one year from creation, however I need this removed if no user activity has been recorded for 30 days.

 

Thanks

B

12905
0 Kudos
13 REPLIES 13
Carl_Windsor_FTNT
Staff
Staff

Created on ‎02-27-2015 06:13 AM

bb wrote:

Is it possible to delete an account from the FAC database that has been locked due to inactivity?

i.e. an account expires after one year from creation, however I need this removed if no user activity has been recorded for 30 days.

 

It sure is.  Go to Authentication > User Account Policies > Lockouts and Enable Inactive User Lockout.  Enabling Automatic purge in Authentication > User Account Policies > General will then remove them.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

5634
0 Kudos
bb
New Contributor

Created on ‎02-27-2015 06:33 AM

Hi Carl

Wouldn't that only remove expired accounts?

my account would be valid for one year, but may only be used for a couple of days. i can't find any options to differentiate between locked accounts (inactivity vs wrong password )

 

Thanks,

B

5634
0 Kudos
Carl_Windsor_FTNT
Staff
Staff
In response to bb

Created on ‎02-27-2015 07:35 AM

I was sure that we had changed it so allow these accounts to be removed but I am hesitating now.  Let me test and confirm over the weekend and if not, I will create an feature request to create an "inactive" status and allow this to be purged.

Dr. Carl Windsor Field Chief Technology Officer Fortinet

5634
0 Kudos
bb
New Contributor

Created on ‎02-27-2015 07:52 AM

Thanks a lot Carl

much appreciated

5634
0 Kudos
Carl_Windsor_FTNT
Staff
Staff

Created on ‎03-02-2015 07:04 AM

You are correct, inactive users are set to disabled and therefore miss being purged.  I have created an new feature request for this capability to be added (NFR 270528 for reference).

 

Dr. Carl Windsor Field Chief Technology Officer Fortinet

5634
0 Kudos
bb
New Contributor

Created on ‎03-04-2015 12:45 PM

Great news!

cheers :)

5634
0 Kudos
hkloh
New Contributor
In response to bb

Created on ‎05-17-2016 04:42 AM

Hi Carl,

 

The new firmware (4.1) support purge user (auto/manual) but can we view the detail information at the event log (which user is been purged or disabled)..

5634
0 Kudos
Carl_Windsor_FTNT
Staff
Staff
In response to hkloh

Created on ‎05-17-2016 07:12 AM

 

Log 305 show me disabling the user manually (admin2 (changed fields = active)

Log 306 shows the manual purge and logs the user admin3 being deleted in log 321

Log 326 shows an automatic purge and the result being user carl being deleted in log 327

 

 

 

Dr. Carl Windsor Field Chief Technology Officer Fortinet

Preview file
148 KB
5634
0 Kudos
hkloh
New Contributor
In response to Carl_Windsor_FTNT

Created on ‎05-17-2016 08:36 PM

Hi Carl,

 

From the picture you share i can see the purge and deleted in order (log). If they is alot of multiple message in the logs, can we filter the logs with multiple keyword like purging and deleted.

5634
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.