Configuring user groups
To enable authentication, you must add user names, RADIUS servers, and LDAP servers to one or more user groups. You can then select a user group when you require authentication. You can select a user group to configure authentication for:
• Policies that require authentication. Only users in the selected user group or users that can authenticate with the RADIUS servers added to the user group can authenticate with these policies.
• IPSec VPN Phase 1 configurations for dialup users. Only users in the selected user group can authenticate to use the VPN tunnel.
• XAuth for IPSec VPN Phase 1 configurations. Only users in the selected user group can be authenticated using XAuth.
• The FortiGate PPTP configuration. Only users in the selected user group can use PPTP.
• The FortiGate L2TP configuration. Only users in the selected user group can use L2TP.
When you add user names, RADIUS servers, and LDAP servers to a user group, the order in which they are added determines the order in which the FortiGate unit checks for authentication. If user names are first, then the FortiGate unit checks for a match with these local users. If a match is not found, the FortiGate unit checks the RADIUS or LDAP server. If a RADIUS or LDAP server is added first, the FortiGate unit checks the server and then the local users.
If the user group contains users, RADIUS servers, and LDAP servers, the FortiGate unit checks them in the order in which they have been added to the user group.
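The checking order described above, as an added Python model that is not Fortinet code or part of the original page. The stores, user names and passwords are constructed sample values, and the model assumes that "match" means a successful user name and password check and that a failed check falls through to the next member of the group.

```python
import hmac

# Constructed stand-ins for a local user database and a RADIUS server.
# All names and passwords are sample values, not taken from the page.
LOCAL_USERS = {"alice": "local-pass-1", "bob": "local-pass-2"}
RADIUS_USERS = {"alice": "radius-pass-9", "carol": "radius-pass-3"}

# A group is an ordered list of (label, store); list order = order added.
LOCAL_FIRST = [("local", LOCAL_USERS), ("radius", RADIUS_USERS)]
SERVER_FIRST = [("radius", RADIUS_USERS), ("local", LOCAL_USERS)]


def check(store, username, password):
    """Return True if the store holds this user with this password."""
    expected = store.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def authenticate(group, username, password):
    """Walk the members in order; the first member that matches wins.

    Assumption: "match" means a successful credential check, and a failed
    check falls through to the next member.
    Returns (label of the matching member or None, members consulted).
    """
    consulted = []
    for label, store in group:
        consulted.append(label)  # this member was presented the credentials
        if check(store, username, password):
            return label, consulted
    return None, consulted


def duplicate_usernames(group):
    """Usernames defined in more than one member of the group."""
    seen, dupes = set(), set()
    for _label, store in group:
        dupes |= seen & set(store)
        seen |= set(store)
    return sorted(dupes)


if __name__ == "__main__":
    for group in (LOCAL_FIRST, SERVER_FIRST):
        print(authenticate(group, "alice", "local-pass-1"))
    print(duplicate_usernames(LOCAL_FIRST))
```

With the server added first, a local user's password is presented to the remote server before the local check. Under this model a user name defined in two members, such as alice here, is accepted with either password, so duplicate names are worth auditing when a group mixes local users and servers.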
This section describes:
• Adding user groups
• Deleting user groups
Adding user groups
Use the following procedure to add user groups to the FortiGate configuration. You can add user names, RADIUS servers, and LDAP servers to user groups.
To add a user group
1. Go to User > User Group.
2. Select New to add a new user group.