FortiGate Version 4.0 MR1 Administration Guide
666 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Figure 414: PKI user
You can configure peer user groups only through the CLI. For more information, see the
FortiGate CLI Reference.
User Group
A user group is a list of user identities. An identity can be:
• a local user account (user name and password) stored on the FortiGate unit
• a local user account with a password stored on a RADIUS, LDAP, or TACACS+ server
• a RADIUS, LDAP, or TACACS+ server (all identities on the server can authenticate)
• a user or user group defined on a Directory Service server.
Each user group belongs to one of three types: Firewall, Directory Service or SSL VPN.
For information about each type, see “Firewall user groups” on page 667, “Directory
Service user groups” on page 668, and “SSL VPN user groups” on page 668. For
information on configuring each type of user group, see “Configuring a user group” on
page 669.
In most cases, the FortiGate unit authenticates users by requesting each user name and
password. The FortiGate unit checks local user accounts first. If the unit does not find a
match, it checks the RADIUS, LDAP, or TACACS+ servers that belong to the user group.
Authentication succeeds when the FortiGate unit finds a matching user name and
password.
PKI user settings (Figure 414):
Name: Enter the name of the PKI user.
Subject: Enter the text string that appears in the subject field of the certificate of the
authenticating user. This field is optional.
CA: Enter the CA certificate that must be used to authenticate this user. This field is
optional.
Two-factor authentication:
• Require two-factor authentication: Require this PKI user to authenticate by password in
addition to certificate authentication. Enter a Password.
• Password: Enter the password that this PKI user must enter.
Note: You must enter a value for at least one of Subject or CA.
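The PKI user settings above, written as a CLI sketch together with a peer user group, which the guide says can be configured only through the CLI. This is an added example and is not taken from the guide: the `config user peer` and `config user peergrp` option names are assumptions to check against the FortiGate CLI Reference for this release, the `#` lines are annotations, and every name and value is a constructed placeholder.

```fortios
# Added example: a PKI user with both optional match fields set.
# At least one of Subject or CA must be given (see the Note above);
# this sketch sets both.
config user peer
    edit "pki-user-01"
        # CA certificate that must be used to authenticate this user
        # ("CA_Cert_1" is a placeholder certificate name)
        set ca "CA_Cert_1"
        # Text expected in the subject field of the user's certificate
        # ("alice.example" is a constructed value)
        set subject "alice.example"
        # Require a password in addition to the certificate
        set two-factor enable
        # Replace <password> with the password this PKI user must enter
        set passwd <password>
    next
end

# Peer user group containing the PKI user defined above.
config user peergrp
    edit "pki-group-01"
        set member "pki-user-01"
    next
end
```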