For this recipe, you will configure the FortiAuthenticator self-service portal to allow users to add their own account and create their own passwords.
Note that enabling and using administrator approval requires the use of an email server, or SMTP server. Since administrators will approve requests by email, this recipe describes how to add an email server to your FortiAuthenticator. You will create and use a new server instead of the unit’s default server.
1. Creating a self-registration user group

Go to Authentication > User Management > User Groups and create a new user group for self-registering users. Enter a Name and select OK. Users will be added to this group once they register through the self-registration portal.

2. Editing self-registration settings

Go to Authentication > Self-service Portal > General. Enter a Site name, add an email signature that you would like appended to the end of outgoing emails, and select OK.

3. Enabling self-registration

Go to Authentication > Self-service Portal > Self-registration and select Enable.

Enable Require administrator approval and Enable email to freeform addresses, enter the administrator’s email address in the field provided, and configure basic account information to be sent to the user by Email. Open the Required Field Configuration dropdown and enable First name, Last name, and Email address.

4. Creating a new SMTP server

Go to System > Messaging > SMTP Servers and create a new email server for your users.

Enter a name, the IP address of the FortiAuthenticator, and leave the default port value. Enter the administrator’s email address, account name, and password. Note that, for the purpose of this recipe, Secure connection will not be set to STARTTLS, as a signed CA certificate would be needed.

Once created, highlight the new server and select Set as Default. The new SMTP server will now be used for future user registration.

5. Results – Self-registration

When the user visits the login page, https://<FortiAuthenticator-IP>/auth/register/, they can click the Register button, and are then prompted to enter their information. They will need to enter and confirm a Username, Password, First name, Last name, and Email address. These are the only required fields, as configured in the FortiAuthenticator earlier. Select Submit.

The user’s registration is successful, and their information has been sent to the administrator for approval.

When the administrator has enabled the user’s account, the user will receive an activation welcome email. The user’s login information will be listed.

Select the link and log in to the user’s portal.

The user is now logged into their account, where they can review their information. As recommended in the user’s welcome email, the user may change their password. However, this is optional.

6. Results – Administrator approval

After the user requests registration, go to Authentication > User Management > Local Users on the FortiAuthenticator as the administrator. The user has been added, but their Status is listed as Unknown.

In the administrator’s email account, open the Approval Required email. In it, the user’s full name will appear in the email’s subject, along with their username. Select the link to approve or deny the user.

The link will take you to the New User Approval page, where you can review the user’s information and either approve or deny the user’s full registration. Select Approve.

The user has now been approved and activated by the administrator. This can be confirmed by going back to Authentication > User Management > Local Users. The user’s Status has changed to Enabled.

7. Verifying the results

On the FortiAuthenticator, go to Logging > Log Access > Log to view the successful login of the user and more information.

The post FortiAuthenticator user self-registration appeared first on Fortinet Cookbook.