This article describes the new system admin profile ‘ADOM Scoped Admin’ introduced in version 7.6.
Scope
FortiManager 7.6.
Solution
Step 1: Starting from FortiManager version 7.6, a new system admin profile ‘ADOM Scoped Admin’ is introduced. Users assigned the ‘ADOM Scoped Admin’ system admin profile are able to manage administrators within their ADOM.
Step 2: The ‘ADOM Scoped Admin’ system admin profile can be created under System Settings > Admin Profiles > Create New > Type > ADOM Scoped Admin.
Alternatively, use the following CLI commands to create the ‘ADOM Scoped Admin’ system admin profile:
    config system admin profile
        edit <profile>
            set adom-admin {enable}
    end
Step 3: The ‘ADOM Scoped Admin’ system admin profile can only be assigned to users with a single specific ADOM. Below is an example of how to create a user and assign the ‘ADOM Scoped Admin’ system admin profile (adom_admin_profile_1) to a single ADOM (adom_1).
Step 4: For this demonstration, two ‘ADOM Scoped Admin’ system admin profiles are created (adom_admin_profile_1 and adom_admin_profile_2), and the following administrators will be assigned to the specific ‘ADOM Scoped Admin’ system admin profile.
Step 5: Since test_admin_1 and test_admin_2 are both assigned the same ‘ADOM Scoped Admin’ system admin profile, adom_admin_profile_1, logging into FortiManager as either user allows that user to manage the administrators within the respective ADOM. The user test_admin_3 is not visible and cannot be managed, since it is not assigned the same ‘ADOM Scoped Admin’ system admin profile, adom_admin_profile_1.