User Group - Fortinet FortiGate Series Administration Manual

User Group

User Group
666
Figure 414: PKI user
Name Enter the name of the PKI user.
Subject Enter the text string that appears in the subject field of the certificate of the
authenticating user. This field is optional.
CA Enter the CA certificate that must be used to authenticate this user. This
field is optional.
Two-factor authentication
Require two-factor Require this
certificate authentication. Enter a Password.
authentication
Password Enter the password that this PKI user must enter.
Note: You must enter a value for at least one of Subject or CA.
You can configure peer user groups only through the CLI. For more information, see the
FortiGate CLI Reference.
A user group is a list of user identities. An identity can be:
• a local user account (user name and password) stored on the FortiGate unit
• a local user account with a password stored on a RADIUS, LDAP, or TACACS+ server
• a RADIUS, LDAP, or TACACS+ server (all identities on the server can authenticate)
• a user or user group defined on a Directory Service server.
Each user group belongs to one of three types: Firewall, Directory Service or SSL VPN.
For information about each type, see
Service user groups" on page
information on configuring each type of user group, see
page 669.
In most cases, the FortiGate unit authenticates users by requesting each user name and
password. The FortiGate unit checks local user accounts first. If the unit does not find a
match, it checks the RADIUS, LDAP, or TACACS+ servers that belong to the user group.
Authentication succeeds when the FortiGate unit finds a matching user name and
password.
PKI user to authenticate by password in addition to
"Firewall user groups" on page
668, and "SSL VPN user groups" on page
FortiGate Version 4.0 MR1 Administration Guide
667, "Directory
668. For
"Configuring a user group" on
01-410-89802-20090903
http://docs.fortinet.com/
User
• Feedback