FortiAuthenticator user self-registration


For this recipe, you will configure the FortiAuthenticator self-service portal to allow users to add their own account and create their own passwords.

Note that enabling and using administrator approval requires the use of an email server, or SMTP server. Since administrators will approve requests by email, this recipe describes how to add an email server to your FortiAuthenticator.  You will create and use a new server instead of the unit’s default server.

1. Creating a self-registration user group

Go to Authentication > User Management > User Groups and create a new user group for self-registering users.

Enter a Name and select OK. Users will be added to this group once they register through the self-registration portal.

2. Editing self-registration settings

Go to Authentication > Self-service Portal > General.

Enter a Site name, add an email signature that you would like appended to the end of outgoing emails, and select OK.

3. Enabling self-registration

Go to Authentication > Self-service Portal > Self-registration and select Enable.

Enable Require administrator approval and Enable email to freeform addresses, enter the administrator’s email address in the field provided, and configure basic account information to be sent to the user by Email.

Open the Required Field Configuration dropdown and enable First name, Last name, and Email address.

4. Creating a new SMTP server

Go to System > Messaging > SMTP Servers and create a new email server for your users.

Enter a name, the IP address of the FortiAuthenticator, and leave the default port value.

Enter the administrator’s email address, account name, and password.

Note that, for the purpose of this recipe, Secure connection will not be set to STARTTLS, as a signed CA certificate would be needed. Without STARTTLS, mail relayed through this server is not encrypted in transit.

Once created, highlight the new server and select Set as Default.

The new SMTP server will now be used for future user registration.
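Because this recipe leaves Secure connection unset, it is worth checking what the relay you point FortiAuthenticator at actually offers before and without TLS. The following Python script is an added example, not part of the original recipe or Fortinet's code; the function names, the default port of 25, and the sample EHLO replies are assumptions constructed for illustration.

```python
import smtplib
import ssl

REVERSIBLE_AUTH = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire

# Constructed EHLO replies (not captured from a real FortiAuthenticator or relay).
SAMPLE_NO_TLS = "250-mail.example.test\n250-SIZE 10485760\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
SAMPLE_TLS = "250-mail.example.test\n250-SIZE 10485760\n250-STARTTLS\n250 8BITMIME"


def parse_ehlo(reply):
    """Turn a raw multi-line EHLO reply into {KEYWORD: [ARGS]}."""
    feats = {}
    for line in reply.splitlines()[1:]:          # line 1 is the server's greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        parts = line[4:].upper().replace("AUTH=", "AUTH ").split()
        if parts:
            feats.setdefault(parts[0], []).extend(parts[1:])
    return feats


def audit(feats):
    """Flag what an SMTP client with no secure connection would be exposed to."""
    findings = []
    if "STARTTLS" not in feats:
        findings.append("no-starttls")
    exposed = REVERSIBLE_AUTH & set(feats.get("AUTH", []))
    if exposed:                                  # AUTH is offered before any TLS
        findings.append("cleartext-auth:" + ",".join(sorted(exposed)))
    return findings


def probe(host, port=25):
    """Audit a live relay, then attempt STARTTLS with full certificate verification."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        feats = {k.upper(): v.upper().split() for k, v in smtp.esmtp_features.items()}
        findings = audit(feats)
        if "STARTTLS" in feats:
            try:
                smtp.starttls(context=ssl.create_default_context())
            except ssl.SSLError as exc:          # includes certificate verification failures
                findings.append(f"tls-failed:{exc.reason}")
        return findings


if __name__ == "__main__":
    print(audit(parse_ehlo(SAMPLE_NO_TLS)))      # relay without TLS
    print(audit(parse_ehlo(SAMPLE_TLS)))         # relay offering STARTTLS
```

An empty result from `probe()` against your own relay means STARTTLS is offered with a certificate that verifies, which is the precondition the note above says this recipe skips.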

5. Results – Self-registration

When the user visits the login page, https://<FortiAuthenticator-IP>/auth/register/, they can click the Register button and are then prompted to enter their information.

They will need to enter and confirm a Username, Password, First name, Last name, and Email address. These are the only required fields, as configured in the FortiAuthenticator earlier.

Select Submit.

The user’s registration is successful, and their information has been sent to the administrator for approval.

When the administrator has enabled the user’s account, the user will receive an activation welcome email.

The user’s login information will be listed.

Select the link and log in to the user’s portal.

The user is now logged into their account where they can review their information.

As recommended in the user’s welcome email, the user may change their password. However, this is optional.

6. Results – Administrator approval

After the user submits the registration request, log in to the FortiAuthenticator as the administrator and go to Authentication > User Management > Local Users. The user has been added, but their Status is listed as Unknown.

In the administrator’s email account, open the Approval Required email. The user’s full name appears in the email’s subject, along with their username.

Select the link to approve or deny the user.

The link will take you to the New User Approval page, where you can review the user’s information and either approve or deny the user’s full registration.

Select Approve.

The user has now been approved and activated by the administrator.

This can be confirmed by going back to Authentication > User Management > Local Users. The user’s Status has changed to Enabled.

7. Verifying the results

On the FortiAuthenticator, go to Logging > Log Access > Log to view the successful login of the user and more information.
Adam Bristow
Technical Writer at Fortinet
Adam Bristow is a Technical Writer working for the FortiOS technical documentation team. He has an Honours Bachelor of Arts in English and Minor in Film Studies and a graduate certificate in Technical Writing from Algonquin College.
Although the FortiAuthenticator can be configured to send emails from the built-in mail server (localhost), this is not recommended. Anti-spam methods such as IP lookup, DKIM, and SPF can cause mail from such ad-hoc mail servers to be blocked. It is highly recommended that email is relayed via an official mail server for your domain.
Alternatively, you can go to System > Messaging > Email Services, set both Administrators and Users to use the new SMTP server, and select Save.
Note that the email may have been marked as Spam.