2 procedure 2: create new user group, Procedure 2: create new user group – HID ActivID AAA OOB & SSL User Manual

4TRESS AAA Out-of-Band Authentication (SMS) and SSL VPN Fortinet | Integration Handbook

External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.

Page | 5

• Secondary Server Secret—Enter the RADIUS server secret key for the secondary AAA server. The

secondary server secret key MUST be a maximum of 16 characters in length.

• Authentication Scheme—Select the Use Default Authentication Scheme option to authenticate with

the default method. The default authentication scheme uses PAP, MSCHAP- V2, and CHAP, in that
order. Select the Specify Authentication Protocol option to override the default authentication method,
and then choose the protocol from the list: MSCHAP- V2, MS-CHAP, CHAP, or PAP, depending on what
your RADIUS server requires.

• NAS IP/Called Station ID—Enter the NAS IP address and Called Station ID. If you do not enter an IP

address, then the IP address that the FortiGate interface uses to communicate with the AAA server will
be applied.

• Include in every User Group—Select this option to have the AAA server automatically included in all

user groups.

4. Click OK at the bottom of the page.

2.2

Procedure 2: Create New User Group

A user group is a list of user identities. In this case, the identity is a RADIUS server.

1. Logged into the

FortiGate Web console,
navigate to User >
User Group > User
Group.

2. Click Create New.

The following dialog is displayed.