The following information is available:
User Name The name of the administrator account. Your session is indicated by (current).
IP Address The IP address where the administrator is logging in from. This field also displays the logon type (GUI, jsconsole, SSH, or telnet).
Start Time The date and time the administrator logged in.
Time Out (mins) The maximum duration of the session in minutes (1 to 480 minutes).
The following option is available:
Delete Select the check box next to the user and select Delete to drop their connection to the FortiManager unit.
To disconnect an administrator:
1. Go to System Settings > Dashboard.
2. Inthe System Information widget, under Current Administrators, select [Detail]. The list of current administrator sessions appears; see Administrator session list.
3. Select the check box for each administrator session that you want to disconnect, and select Delete.
4. Select OK to confirm deletion of the session.
The disconnected administrator will see the FortiManager logon screen when disconnected. They will not have any additional warning. It is a good idea to inform the administrator before disconnecting if possible should they be in the middle of important configurations for the FortiManager or another device.
Administrator
Go to System Settings > Admin > Administrator to view the list of administrators and configure administrator accounts. Only the default admin administrator account can see the complete administrators list. If you do not have certain viewing permissions, you will not see the administrator list.
Administrator list
The following information is available:
User Name The name this administrator uses to log in. Select the administrator name to edit the administrator settings.
Type The profile type. One of the following: LOCAL, RADIUS, LDAP, TACACS+, or PKI. When the administrator profile is a restricted administrator, this information will appear in the type column.
Profile The administrator profile for this user that determines the permissions of this administrator. For information on administrator profiles, see Profile.
ADOM The ADOM to which the administrator has been assigned.
Policy Package The policy packages to which this profile allows access.
Status Indicates whether the administrator is currently logged into the FortiManager unit not. An enabled icon indicates the administrator is logged in, a disabled icon indicates the administrator is not logged in.
Comments Descriptive text about the administrator account.
Email The contact email address associated with the administrator.
Phone The contact phone number associated with the administrator.
Trusted IPv4 Host The IPv4 trusted host(s) associated with the administrator.
Trusted IPv6 Hosts The IPv6 trusted host(s) associated with the administrator.
The following options are available:
Create New Select to create a new administrator. For more information, see To create a new local administrator account:.
Edit Select the checkbox next to the administrator, right-click, and select Edit in the rightclick menu to edit the entry. Alternatively, you can double-click the entry to open the Edit Administrator page.
Delete Select the check box next to the administrator you want to remove from the list and select Delete.
Column Settings Right-click the column heading to open Column Settings for the administrator page. You can select to enable columns, reset columns to their default state and organize the order in which the columns are displayed.
To create a new local administrator account:
1. Go to System Settings > Admin > Administrator and select Create New in the toolbar. The New Administrator dialog box opens.
Creating a new administrator account
2. Configure the following settings:
User Name Type the name that this administrator uses to log in. This field is available if you are creating a new administrator account.
Description Optionally, type a description of this administrator’s role, location or reason for their account. This field adds an easy reference for the administrator account.
Character limit: 127
Type Select LOCAL from the drop-down list.
New Password Type the password.
Confirm Password Type the password again to confirm it. The passwords must match.
Admin Profile Select a profile from the drop-down menu. The profile selected determines the administrator’s permission to the FortiManager unit’s features.
Restricted_User and Standard_User administrator profiles do not have access to the System Settings tab. An administrator with either of these administrator profiles will see a change password icon in the navigation pane.
To create a new profile, see Configuring administrator profiles.
Administrative Domain Choose the ADOMs this administrator will be able to access, or select All ADOMs. Select Specify and then select the add icon to add Administrative
Domains.
Select the remove icon to remove an administrative domain from this list.This field is available only if ADOMs are enabled. When the Admin Profile is a restricted administrator profile, you can only select one administrative domain. Best practice: Restrict administrator access only to the specific ADOMs that they are responsible for.
Policy Package Access Choose the policy packages this administrator will have access to, or select All Package. Select Specify and then select the Add icon to add policy packages.
Select the remove icon to remove a policy package from this list.This field is not available when the Admin Profile is a restricted administrator profile.Best practice: Restrict administrator access only to the specific policy packages that they are responsible for.
Trusted Host Optionally, type the trusted host IPv4 or IPv6 address and netmask from which the administrator can log in to the FortiManager unit. Select the Add icon to add trusted hosts. You can specify up to ten trusted hosts. Select the delete icon to remove a policy package from this list.
Setting trusted hosts for all of your administrators can enhance the security of your system. For more information, see Using trusted hosts.
Best practice: Restrict administrator access by trusted hosts to help prevent unwanted access.
User Information (optional)
Contact Email Type a contact email address for the new administrator.
This email address is also used for workflow session approval email notifications.
Contact Phone Type a contact phone number for the new administrator.