Hot!Admin Authenticatiom from external servers

Author
rootdet
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/03/03 15:47:46
  • Status: offline
2020/09/28 16:06:43 (permalink)
0

Admin Authenticatiom from external servers

Hi,
 
I work for an org which prefers to control authentication and provisioning of accounts by AD. However, we have a multi-tier access where some people get super_user, others just standard, etc. some might even be assigned to a specific Adom. all of which would be based on AD group.
 
When reading the documentation, it looks like i can only set the wildcard to one user (tried it practice and more than one causes an auth error). So when i am looking for is maybe switching to radius auth, but i still cannot figure out how to assign permissions dynamically based on the user. there is the " Fortinet-Group-Name " attribute, but not sure how i would use it here since the fortimanager does not have groups.
 
I cannot imagine we are the only one who prefers to do it this way. Otherwise every new staff member would be a huge checklist to go fiddle with each system like the fortimanager.
#1
sw2090
Expert Member
  • Total Posts : 790
  • Scores: 58
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: Admin Authenticatiom from external servers 2020/10/05 07:36:37 (permalink)
0
hm I set up our FortiManager to do Login either with its local admin (to have some fallback) or with a user in our AD. I tied the login to a specific AD Usergroup. Works smoothly here with FMG and also with FGTs.
 
Here is a Fortinet doc about this: https://pub.kb.fortinet.com/Platform/Publishing/809/FD37328_f.1.html
 
hth
Sebastian
#2
Jump to:
© 2020 APG vNext Commercial Version 5.5