Adding Users to Multi-Tenant Deployments
Two kinds of admin users can be added: users belonging to a specific organization, or super-local users belonging to super-global.
Adding specific organization users
This can be done from the specific organization admin account or from the super-global account.
- Log on as an appropriate administrator. There are two possibilities: log on as the admin user for that organization, or log on as super-global and then switch user to that organization.
- Follow the steps for the AO-VA case described here. Note that for Active Directory based discovery, the Active Directory server has to belong to that specific organization. If the Active Directory server belongs to super-local, then the users also belong to super and would not be visible for that organization.
FortiSIEM provides a shortcut to add admin users for multiple organizations in one shot:
- Log on as super-global.
- Manually create the user as described in the manual user creation mode here.
- Choose the Default role.
- Choose the permitted organizations and, if needed, override the default role for a specific organization. In the example below, user1 is the Network Admin for every organization but System Admin for O-eng.
Adding super-global users
Super-global users are often needed for managing multiple organizations, and can be created from the super-global account. There are two cases, depending on whether organizations have collectors or not.
For the organizations-with-collector-only case, users must be created manually.
- Log on as super-global.
- Manually create the user as described in the manual user creation mode here.
- Choose the Default role.
- Choose the permitted organizations. Override the default role for each specific organization, if needed. In the example below, user1 is the Network Admin for every organization but System Admin for O-eng.
For the organizations-without-collector case, if the Active Directory server belongs to super-local, then the discovered users would be visible from the super-global view and any of these users can be made a FortiSIEM user. In this case the steps are:
- Log on as super-global.
- Create the user as described here. Both manual and discovery-based approaches can be used.
- Choose the Default role.
- Choose the permitted organizations and, if needed, override the default role for specific organizations. In the example below, user1 is the Network Admin for every organization but System Admin for O-eng.
Adding Users to Organizations
Adding users to organizations for multi-tenant deployments follows the same processes described in Adding Users for Enterprise Deployments. However, if you want to discover users in an Active Directory server over LDAP, the Active Directory server has to belong to the organization where you want to add the user.
- Log in to your Supervisor node either as the Admin user for the organization where you want to add the user, or log in as a Super/Global user to add the user to more than one organization.
- Create the user as described in Adding a Single User, or follow the instructions in Adding Users from Active Directory via LDAP.
- If you have logged in as the Super/Global user, select the organizations where you want to add the user, overriding any Default Roles for the organization as necessary.