Cornell University

User Management in FortiMonitor

How to handle users and invites. How to manage issues when a user already exists.

This article applies to: IT Infrastructure Monitoring

Username Format

Within your tenant, you can add users to grant them access to your environment. Like many external services, FortiMonitor uses email addresses as usernames. 

For Cornell users, use the netid@cornell.edu format. Custom email addresses such as “my.name@cornell.edu” will not work when logging in via Shibboleth and lead to “unknown user” errors.

Managing passwords per-user in FortiMonitor is discouraged.

Invite Users

Every FortiMonitor user must be unique and can only exist in one Tenant at a time. When we need to give a particular user access to multiple Tenants, FortiMonitor lets us invite users across Tenants. This invite feature lets a user appear in multiple Tenants, receive specific access rights in each, and participate in on-call schedules or Alert Timelines. The user must accept the invitation to join your Tenant before you can add them to notifications or on-call schedules.

As noted in the section on On-Call Schedules, it helps to keep users who participate in FortiMonitor's native on-call rotation in the tenant.

The FortiMonitor mobile app does not currently support cross-Tenant access. Push notifications or mobile incident monitoring will only work in the user's home Tenant.

For every user in your tenant, invited or otherwise, you need to define their access via ACL Roles and potentially limit their visibility into Server Groups:

  • ACL Roles define the permissions granted to the user. FortiMonitor has created several standard roles, and you can create your own.
  • Server/Instance Groups allow you to define a user's visibility and limit them to a subset of the instances in your tenant.
Note: ACL Roles can undo this visibility limit if you give users access to create other users or manage their own accounts!
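
The two pitfalls described above can be checked with a small audit script. This is an added example, not code from FortiMonitor or this article: it flags Cornell usernames that are not in netid@cornell.edu form, and users limited to Server Groups whose role could undo that limit. The record fields, the permission names, and the NetID pattern are assumptions for illustration, not FortiMonitor's export format or API.

```python
import re

# Assumption: a NetID is 2-3 letters followed by digits (e.g. abc123).
NETID_USERNAME = re.compile(r"[a-z]{2,3}[0-9]+@cornell\.edu")

# Hypothetical permission names for the rights the note above warns about.
SCOPE_ESCAPING = {"create_users", "manage_own_account"}

# Constructed sample records (not real users, not a real export format).
SAMPLE_USERS = [
    {"username": "abc123@cornell.edu", "contact_only": False,
     "permissions": {"view_instances"}, "server_groups": ["web"]},
    {"username": "my.name@cornell.edu", "contact_only": False,
     "permissions": {"view_instances"}, "server_groups": []},
    {"username": "xy42@cornell.edu", "contact_only": False,
     "permissions": {"view_instances", "create_users"}, "server_groups": ["db"]},
    {"username": "team-list@cornell.edu", "contact_only": True,
     "permissions": set(), "server_groups": []},
    {"username": "vendor@example.com", "contact_only": False,
     "permissions": {"manage_own_account"}, "server_groups": []},
]


def audit_users(users):
    """Return (username, finding) tuples for login users that need review."""
    findings = []
    for user in users:
        name = user["username"].strip().lower()
        # Contact-only users never log in, so team addresses are fine there.
        if user.get("contact_only"):
            continue
        # Cornell login users must use the NetID form or Shibboleth login fails.
        if name.endswith("@cornell.edu") and not NETID_USERNAME.fullmatch(name):
            findings.append((name, "not-netid-format"))
        # A Server Group limit is only meaningful if the role cannot undo it.
        risky = SCOPE_ESCAPING & set(user.get("permissions", ()))
        if user.get("server_groups") and risky:
            findings.append((name, "scope-can-be-undone:" + ",".join(sorted(risky))))
    return findings


if __name__ == "__main__":
    for username, finding in audit_users(SAMPLE_USERS):
        print(f"{username}: {finding}")
```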

Contact Only Users

FortiMonitor also lets you create contact-only users. These users will not have access to the FortiMonitor UI, but can be used as notification targets in Alert Timelines and On-Call Schedules. Since they are not true “login users”, FortiMonitor does not enforce a uniqueness requirement, allowing you the option to define contact records for an individual user or team email addresses that might also be used in other Tenants. For example, you can use contact-only users to send email notifications to a team-specific EGA or E-List.

For more information on managing users in your Tenant, please see the FortiMonitor documentation. In cases where you need a user moved to your Tenant, instead of inviting them for cross-Tenant access, please contact systems-support@cornell.edu for assistance.
