Managing Forti-Authenticator With Remote LDAP Account for Easy Administration Purpose

In order to allow Forti-Authenticator managed by Remote Administrator account, all you need to do is choose one of your LDAP Managed user as Administrator.

First you need to add your LDAP profile and In order to do that you will need to have Active Directory Service Account created(recommended) on LDAP  for “FAC <-> LDAP” connection , which will be used for LDAP bind and search operations by FAC.

Note that the same LDAP service account can also be used for joining FAC to Active directory Domain and perform few other secure operations.

Below you will see LDAP profile was created successfully and user “Praveen” got imported into FAC manually.


Finally, you will then promote the Remote LDAP user account with a Administrator Role.

Important Note:

Once you promote a Remote user to Administrator, it will no more sync with the HA Load Balancer Slave.

In version v5.x and v6.0 you wont be able to sync a Remote Administrator account to a HA Load Balancing slave device.

However, from v6.1 onwards(new feature) you can do this by enabling Sync in HA Load Balancing mode which is given under the User Account management section.

Sample Reference below: