Managing Guest Access
Visitors to your premises might need user accounts on your network for the duration of their stay. If you are hosting a large event such as a conference, you might need to create many such temporary accounts. The FortiOS Guest Management feature is designed for this purpose.
A guest user account User ID can be the user’s email address, a randomly generated string, or an ID that the administrator assigns. Similarly, the password can be administrator-assigned or randomly generated.
You can create many guest accounts at once using randomly-generated User IDs and passwords. This reduces administrator workload for large events.
User’s view of guest access
- The user receives an email, SMS message, or printout from a FortiOS administrator listing a User ID and password.
- The user logs onto the network with the provided credentials.
- After the expiry time, the credentials are no longer valid.
Administrator’s view of guest access
- Create one or more guest user groups.
All members of the group have the same characteristics: type of User ID, type of password, information fields used, type and time of expiry.
- Create guest accounts using Guest Management.
- Use captive portal authentication and select the appropriate guest group.
Configuring guest user access
To set up guest user access, you need to create at least one guest user group and add guest user accounts. Optionally, you can create a guest management administrator whose only function is the creation of guest accounts in specific guest user groups. Otherwise, any administrator can do guest management.
Creating guest management administrators
To create a guest management administrator
- Go to System > Administrators and create a regular administrator account. For detailed information see the System Administration
- Select Restrict to Provision Guest Accounts.
- In Guest Groups, add the guest groups that this administrator manages.
Creating guest user groups
The guest group configuration determines the fields that are provided when you create a guest user account.
Configuring guest user access
To create a guest user group:
- Go to User & Device > User Groups and select Create New.
- Enter the following information:
| Name | Enter a name for the group. |
| Type | Guest |
| Enable Batch Account
Creation |
Create multiple accounts automatically. When this is enabled:
l User ID and Password are set to Auto-Generate. l The user accounts have only User ID, Password, and Expiration fields. Only the Expiration field is editable. If the expiry time is a duration, such as “8 hours”, this is the time after first login. l You can print the account information. Users do not receive email or SMS notification. See To create multiple guest user accounts automatically on page 75. |
| User ID | Select one of:
l Email — User’s email address l Specify — Administrator assigns user ID l Auto-Generate — FortiGate unit creates a random user ID |
| Password | Select one of:
l Specify — Administrator assigns user ID l Auto-Generate — FortiGate unit creates a random password l Disable — no password |
| Expire Type | Choose one of:
l Immediately — expiry time is counted from creation of account l After first login — expiry time is counted from user’s first login |
| Default Expire Time | Set the expire time. The administrator can change this for individual users. |
| Enable Name | If enabled, user must provide a name. |
| Enable Sponsor | If enabled, user form has Sponsor field. Select Required if required. |
| Enable Company | If enabled, user form has Company field. Select Requiredif required. |
| Enable Email | If enabled, user is notified by email. |
| Enable SMS | If enabled, user is notified by SMS. Select whether FortiGuard Messaging Service or a another SMS provider is used. |
Creating guest user accounts
Guest user accounts are not the same as local user accounts created in User & Device > User Definition. Guest accounts are not permanent; they expire after a defined time period. You create guest accounts in User & Device > Guest Management.
To create a guest user account
- Go to User & Device > Guest Management.
- In Guest Groups, select the guest group to manage.
- Select Create New and fill in the fields in the New User
Fields marked Optional can be left blank. The guest group configuration determines the fields that are available.
- Select OK.
To create multiple guest user accounts automatically
- Go to User & Device > Guest Management.
- In Guest Groups, select the guest group to manage.
The guest group must have the Enable Batch Guest Account Creation option enabled.
- Select Create New > Multiple Users.
Use the down-pointing caret to the right of Create New.
- Enter Number of Accounts.
- Optionally, change the Expiration.
- Select OK.
Guest Management Account List
Go to User & Device > Guest Management to create, view, edit or delete guest user accounts.
| Create New | Creates a new guest user account. |
| Edit | Edit the selected guest user account. |
| Delete | Delete the selected guest user account. |
| Purge | Remove all expired accounts from the list. |
| Send | Send the user account information to a printer or to the guest. Depending on the group settings and user information, the information can be sent to the user by email or SMS. |
| Refresh | Update the list. |
| Guest Groups | Select the guest group to list. New accounts are added to this group. |
| User ID | The user ID. Depending on the guest group settings, this can be the user’s email address, an ID that the administrator specified, or a randomly-generated ID. |
| Expires | Indicates a duration such as “3 hours”. A duration on its own is relative to the present time. Or, the duration is listed as “after first login.” |