This article describes why newly created IAM users cannot remotely access an on-premises FortiGate through FortiGate Cloud and instead receive the error ‘This FortiCloud account XXXX is not authorized to sign in on this FortiGate’.
Scope
FortiCloud service 24.2.x.
Solution
The likely cause is that the IAM account does not have the permissions required to access the FortiGate.
To resolve this issue:
Step 1: Open the Support portal (support.fortinet.com).
Step 2: Go to Services and select ‘IAM’.
Step 3: Select ‘Permission profiles’.
Step 4: Create a new permission profile (Note: the default sysadmin permission profile does not have the managed FortiOS feature enabled).
Step 5: Select the option to add a portal.
Step 6: Select portals according to the requirement. For accessing on-premises FortiGates, both ‘FortiOS SSO’ and ‘Managed FortiGate’ must be configured to allow portal access for administrators.
Step 7: Enable access on both portals and assign the access types shown in the screenshots.
Step 8: Assign this permission profile to the new IAM user.
Step 9: Ensure that the user's status is Active.
Step 10: Log in to the account as that IAM user.
Step 11: Attempt to remotely access the FortiGate.
Step 12: After all these steps are taken, a successful attempt looks like the below screenshot: