FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 193252

Description


This article provides steps to import administrative users from an Active Directory Group.

Scope


FortiNAC v8.x, v9.x.

Solution


1) Under System Settings > Authentication > LDAP:

- Double-click the directory.
- Select Search Branches.
- Configure a group search branch mapping.

 

groupsearch1.png

 


Under System Settings > Authentication > LDAP:
- Double-click the directory.
- Select the Selected Groups tab.
- Place a checkmark next to the group you want to give administrative privileges to (in our case: Domain Admins).

groups.png

Under System > Scheduler:
- Select Synchronize Users with Directory.
- Select the Run Now button (the previously selected "Domain Admins" group will be imported into FortiNAC as a host group).

scheduler.png

Under System > Groups:
11. Delete the imported "Domain Admins" group (because it was imported as a host group).
12. Add a group with the exact same name, "Domain Admins".
13. Set the group type to Administrator.

Under Users > Admin Profiles > Profile Mappings:
14. Click Add.
15. Use the drop-down to select the admin privileges you want the group to have. In our case, "Super Administrator".
16. Use the drop-down to select the group "Domain Admins".
17. Click the OK button.

Under System > Scheduler:
18. Select Synchronize Users with Directory.
19. Click the Run Now button.

Adminprofile.png

Under Users > Admin Users:
20. Verify that the new admin users "fortinet" and "testadmin" have been imported to this view.

21. Edit the "fortinet" user to see the account with its attributes from the LDAP directory.

 

admin.png
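Because the profile mapping above grants "Super Administrator" to every account the sync imports from "Domain Admins", it is worth reviewing who is in that group before clicking Run Now. The following is an added example, not part of the original article or of FortiNAC: it walks a constructed directory export (the entry layout, the `example.com` DNs, the "NAC Operators" group and the "olduser" account are all assumptions) and lists each account with whether it is a direct or nested member and whether it is disabled in AD. The article does not say whether FortiNAC follows nested groups, so nested members are reported separately.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled AD accounts
BASE = "DC=example,DC=com"  # constructed domain, not from the article
GROUP_DN = f"CN=Domain Admins,CN=Users,{BASE}"

def user(name, uac):
    return {"objectClass": "user", "sAMAccountName": name, "userAccountControl": uac}

# Constructed sample export keyed by DN (hypothetical layout). "fortinet" and
# "testadmin" are the article's users; the nested group and "olduser" are invented.
ENTRIES = {
    GROUP_DN: {"objectClass": "group", "member": [
        f"CN=fortinet,CN=Users,{BASE}",
        f"CN=testadmin,CN=Users,{BASE}",
        f"CN=NAC Operators,OU=Groups,{BASE}"]},
    f"CN=NAC Operators,OU=Groups,{BASE}": {"objectClass": "group", "member": [
        f"CN=olduser,CN=Users,{BASE}",
        GROUP_DN]},  # circular nesting, must not loop forever
    f"CN=fortinet,CN=Users,{BASE}": user("fortinet", 512),
    f"CN=testadmin,CN=Users,{BASE}": user("testadmin", 512),
    f"CN=olduser,CN=Users,{BASE}": user("olduser", 514),  # 512 | 2 = disabled
}

def review_group(entries, group_dn):
    """Return sorted (account, 'direct'|'nested', disabled) rows for every user
    reachable from group_dn, walking nested groups breadth-first."""
    rows, seen, queue = {}, {group_dn}, [(group_dn, "direct")]
    while queue:
        dn, via = queue.pop(0)
        for member_dn in entries[dn].get("member", []):
            entry = entries.get(member_dn)
            if entry is None:
                # Member missing from the export (e.g. another domain): review manually
                rows.setdefault(member_dn, (member_dn, via, None))
            elif entry["objectClass"] == "group":
                if member_dn not in seen:
                    seen.add(member_dn)
                    queue.append((member_dn, "nested"))
            else:
                disabled = bool(entry["userAccountControl"] & ACCOUNTDISABLE)
                rows.setdefault(member_dn, (entry["sAMAccountName"], via, disabled))
    return sorted(rows.values(), key=lambda row: row[0])

if __name__ == "__main__":
    notes = {True: "DISABLED in AD, remove from group", False: "ok",
             None: "unresolved, review manually"}
    for account, via, disabled in review_group(ENTRIES, GROUP_DN):
        print(f"{account:<12}{via:<8}{notes[disabled]}")
```

After the sync, the same list can be compared against what appears under Users > Admin Users.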

Other documentation: