Hot!Admin Authenticatiom from external servers

New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/03/03 15:47:46
  • Status: offline
2020/09/28 16:06:43 (permalink)

Admin Authenticatiom from external servers

I work for an org which prefers to control authentication and provisioning of accounts by AD. However, we have a multi-tier access where some people get super_user, others just standard, etc. some might even be assigned to a specific Adom. all of which would be based on AD group.
When reading the documentation, it looks like i can only set the wildcard to one user (tried it practice and more than one causes an auth error). So when i am looking for is maybe switching to radius auth, but i still cannot figure out how to assign permissions dynamically based on the user. there is the " Fortinet-Group-Name " attribute, but not sure how i would use it here since the fortimanager does not have groups.
I cannot imagine we are the only one who prefers to do it this way. Otherwise every new staff member would be a huge checklist to go fiddle with each system like the fortimanager.
Expert Member
  • Total Posts : 790
  • Scores: 58
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: Admin Authenticatiom from external servers 2020/10/05 07:36:37 (permalink)
hm I set up our FortiManager to do Login either with its local admin (to have some fallback) or with a user in our AD. I tied the login to a specific AD Usergroup. Works smoothly here with FMG and also with FGTs.
Here is a Fortinet doc about this:
Jump to:
© 2020 APG vNext Commercial Version 5.5