Manage Admin Accounts

Admin accounts log into the FortiGate GUI and CLI. The default admin account exists out of the box; create per-person accounts for everyone who'll touch the box, attach MFA, and restrict access to trusted source IPs.

Steps

Create a new admin

  1. System → Administrators → + Create New.
  2. Fill in:
    • Username: jdoe.
    • Type: Local User (for FortiGate-managed creds) or Remote User (LDAP/RADIUS).
    • Password — strong, 12+ chars.
    • Comments — optional.
    • Administrator Profile — pick an Admin Profile. super_admin = full access; prof_admin = full but no user changes; create custom profiles for restricted scopes.
    • Trusted Hosts — IPs/subnets this user can log in from. Add your office subnet, your home IP, your mobile hotspot. Up to 10 entries.
    • Two-factor Authentication: Email, SMS, or FortiToken.
    • Restrict admin to guest account provisioning only — usually No.
  3. OK.

Edit an existing admin

  1. System → Administrators → click the username.
  2. Change fields.
  3. OK.

Changes apply immediately. Active sessions for that admin stay logged in until next login.

Delete an admin

  1. System → Administrators → check the user → Delete.
  2. Confirm.

You can't delete the last super_admin. Create a replacement first.

CLI Equivalent

config system admin
edit "jdoe"
    set accprofile "prof_admin"
    set password "StrongPassword123"
    set trusthost1 203.0.113.0 255.255.255.0
    set two-factor email
    set email-to "jdoe@example.com"
next
end

Verify

Log out, then log back in as the new user. Check that the GUI restricts access to what you intended (e.g. prof_admin shouldn't see the "Administrators" menu).
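
To check every account against the guidance on this page (per-person accounts, MFA, trusted hosts) rather than one login at a time, the added example below parses a saved config system admin block and lists the accounts that fall short. It is not Fortinet's code or part of the original page; the sample config is constructed, the function names are hypothetical, and it assumes a flat block with no nested config sections.

```python
import re

# Constructed sample in the layout of the CLI block above; not from a real device.
SAMPLE = '''config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "jdoe"
        set accprofile "prof_admin"
        set trusthost1 203.0.113.0 255.255.255.0
        set two-factor email
    next
    edit "ops"
        set accprofile "super_admin"
        set trusthost1 0.0.0.0 0.0.0.0
        set two-factor fortitoken
    next
end'''

def parse_admins(text):
    """Return {username: {setting: value}} from a 'config system admin' block."""
    admins, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = admins.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            _, key, *rest = line.split(None, 2)
            current[key] = rest[0].strip('"') if rest else ""
    return admins

def audit(admins):
    """Return {username: [findings]} for accounts that miss the page's guidance."""
    findings = {}
    for name, cfg in admins.items():
        issues = []
        # Assumptions: unset two-factor means disabled; no trusthost entry,
        # or any all-zero entry, means the account can log in from anywhere.
        if cfg.get("two-factor", "disable") == "disable":
            issues.append("no two-factor")
        hosts = [v for k, v in cfg.items() if re.fullmatch(r"trusthost\d+", k)]
        if not hosts or any(h.split() == ["0.0.0.0", "0.0.0.0"] for h in hosts):
            issues.append("no trusted-host restriction")
        if name == "admin":
            issues.append("default account still present")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit(parse_admins(SAMPLE)) reports "admin" and "ops" and leaves "jdoe" out, since only "jdoe" has both two-factor and a real trusted-host entry.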

Common Issues

  • Locked out after wrong password attempts. Default lockout is 60 seconds. Wait, or unlock via console:
    diagnose user banned-ip clear
    
  • Trusted Hosts blocked you. Use console cable to fix.
  • Forgot the admin password. Reset via console maintenance mode (boot menu → reset config), or via another super_admin: config system admin; edit <user>; set password ...; end.
  • Per-VDOM admin needed. Set vdom on the admin entry.