lix_fortinet.fortios.fortios_system_admin (102.2.120) — module
Configure admin users in Fortinet's FortiOS and FortiGate.
Added in version 2.0.0 of lix_fortinet.fortios.
Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)
Status: preview | supported by community
Install with:

    ansible-galaxy collection install lix_fortinet.fortios:==102.2.120

collections:
  - name: lix_fortinet.fortios
    version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the system feature and admin category. The examples include all parameters; values need to be adjusted to your datasources before usage. Tested with FOS v6.0.0.
- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: no
    ansible_httpapi_port: 443
  tasks:
    - name: Configure admin users.
      fortios_system_admin:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "<your_own_value>"
        system_admin:
          accprofile: "<your_own_value> (source system.accprofile.name)"
          accprofile_override: "enable"
          allow_remove_admin_session: "enable"
          comments: "<your_own_value>"
          email_to: "<your_own_value>"
          force_password_change: "enable"
          fortitoken: "<your_own_value>"
          guest_auth: "disable"
          guest_lang: "<your_own_value> (source system.custom-language.name)"
          guest_usergroups:
            - name: "default_name_13"
          gui_dashboard:
            - columns: "10"
              id: "16"
              layout_type: "responsive"
              name: "default_name_18"
              permanent: "disable"
              scope: "global"
              vdom: "<your_own_value> (source system.vdom.name)"
              widget:
                - fabric_device: "<your_own_value>"
                  fabric_device_widget_name: "<your_own_value>"
                  fabric_device_widget_visualization_type: "<your_own_value>"
                  fortiview_device: "<your_own_value>"
                  fortiview_filters:
                    - id: "28"
                      key: "<your_own_value>"
                      value: "<your_own_value>"
                  fortiview_sort_by: "<your_own_value>"
                  fortiview_timeframe: "<your_own_value>"
                  fortiview_type: "<your_own_value>"
                  fortiview_visualization: "<your_own_value>"
                  height: "25"
                  id: "36"
                  industry: "default"
                  interface: "<your_own_value> (source system.interface.name)"
                  region: "default"
                  title: "<your_own_value>"
                  type: "sysinfo"
                  width: "25"
                  x_pos: "500"
                  y_pos: "500"
          gui_global_menu_favorites:
            - id: "46"
          gui_new_feature_acknowledge:
            - id: "48"
          gui_vdom_menu_favorites:
            - id: "50"
          hidden: "127"
          history0: "<your_own_value>"
          history1: "<your_own_value>"
          ip6_trusthost1: "myhostname"
          ip6_trusthost10: "myhostname"
          ip6_trusthost2: "myhostname"
          ip6_trusthost3: "myhostname"
          ip6_trusthost4: "myhostname"
          ip6_trusthost5: "myhostname"
          ip6_trusthost6: "myhostname"
          ip6_trusthost7: "myhostname"
          ip6_trusthost8: "myhostname"
          ip6_trusthost9: "myhostname"
          login_time:
            - last_failed_login: "<your_own_value>"
              last_login: "<your_own_value>"
              usr_name: "<your_own_value>"
          name: "default_name_68"
          password: "<your_own_value>"
          password_expire: "<your_own_value>"
          peer_auth: "enable"
          peer_group: "<your_own_value>"
          radius_vdom_override: "enable"
          remote_auth: "enable"
          remote_group: "<your_own_value>"
          schedule: "<your_own_value>"
          sms_custom_server: "<your_own_value> (source system.sms-server.name)"
          sms_phone: "<your_own_value>"
          sms_server: "fortiguard"
          ssh_certificate: "<your_own_value> (source certificate.remote.name)"
          ssh_public_key1: "<your_own_value>"
          ssh_public_key2: "<your_own_value>"
          ssh_public_key3: "<your_own_value>"
          trusthost1: "myhostname"
          trusthost10: "myhostname"
          trusthost2: "myhostname"
          trusthost3: "myhostname"
          trusthost4: "myhostname"
          trusthost5: "myhostname"
          trusthost6: "myhostname"
          trusthost7: "myhostname"
          trusthost8: "myhostname"
          trusthost9: "myhostname"
          two_factor: "disable"
          two_factor_authentication: "fortitoken"
          two_factor_notification: "email"
          vdom:
            - name: "default_name_98 (source system.vdom.name)"
          vdom_override: "enable"
          wildcard: "enable"
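
A hardened variant of the task above, shown as an added example that is not part of the module's own documentation. It uses only parameters documented on this page: certificate validation is turned on, secrets come from variables, and the trusted-host, schedule and two-factor options are set rather than left at defaults that allow access from any address at any time. The `vault_*` variable names, the account name, the placeholder profile and schedule names, the e-mail address and the address ranges are constructed assumptions.

```yaml
# Added example, not the collection's own code.
# Assumptions: vault_* variables are defined in an Ansible Vault file;
# names, addresses and <placeholders> are constructed for illustration.
- hosts: fortigates
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    # Verify the FortiGate's certificate; the device needs a certificate
    # the control node trusts.
    ansible_httpapi_validate_certs: yes
    ansible_httpapi_port: 443
  tasks:
    - name: Create a restricted administrator
      lix_fortinet.fortios.fortios_system_admin:
        vdom: "{{ vdom }}"
        state: "present"
        access_token: "{{ vault_fgt_access_token }}"
        system_admin:
          name: "netops-admin"
          # Access profile limiting which features this admin can reach.
          accprofile: "<least_privilege_profile>"
          password: "{{ vault_netops_initial_password }}"
          force_password_change: "enable"
          # Second factor delivered by e-mail to the address below.
          two_factor: "email"
          email_to: "netops-admin@example.com"
          # Without trusted hosts the default allows any IPv4/IPv6 source.
          trusthost1: "192.0.2.0 255.255.255.0"
          ip6_trusthost1: "2001:db8:10::/64"
          # No schedule means no restriction on login times.
          schedule: "<business_hours_schedule>"
          remote_auth: "disable"
          wildcard: "disable"
          guest_auth: "disable"
          vdom:
            - name: "root"
      # Keep the token and password out of task output and logs.
      no_log: true
```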
vdom:
  default: root
  description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
state:
  choices:
    - present
    - absent
  description:
    - Indicates whether to create or remove the object.
  required: true
  type: str
enable_log:
  default: false
  description:
    - Enable/Disable logging for task.
  required: false
  type: bool
member_path:
  description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
    - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices:
    - present
    - absent
  description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
  type: str
system_admin:
  default: null
  description:
    - Configure admin users.
  suboptions:
    accprofile:
      description:
        - Access profile for this administrator. Access profiles control administrator access to FortiGate features. Source system.accprofile.name.
      type: str
    accprofile_override:
      choices:
        - enable
        - disable
      description:
        - Enable to use the name of an access profile provided by the remote authentication server to control the FortiGate features that this administrator can access.
      type: str
    allow_remove_admin_session:
      choices:
        - enable
        - disable
      description:
        - Enable/disable allow admin session to be removed by privileged admin users.
      type: str
    comments:
      description:
        - Comment.
      type: str
    email_to:
      description:
        - This administrator's email address.
      type: str
    force_password_change:
      choices:
        - enable
        - disable
      description:
        - Enable/disable force password change on next login.
      type: str
    fortitoken:
      description:
        - This administrator's FortiToken serial number.
      type: str
    guest_auth:
      choices:
        - disable
        - enable
      description:
        - Enable/disable guest authentication.
      type: str
    guest_lang:
      description:
        - Guest management portal language. Source system.custom-language.name.
      type: str
    guest_usergroups:
      description:
        - Select guest user groups.
      elements: dict
      suboptions:
        name:
          description:
            - Select guest user groups.
          type: str
      type: list
    gui_dashboard:
      description:
        - GUI dashboards.
      elements: dict
      suboptions:
        columns:
          description:
            - Number of columns.
          type: int
        id:
          description:
            - Dashboard ID.
          type: int
        layout_type:
          choices:
            - responsive
            - fixed
          description:
            - Layout type.
          type: str
        name:
          description:
            - Dashboard name.
          type: str
        permanent:
          choices:
            - disable
            - enable
          description:
            - Permanent dashboard (can't be removed via the GUI).
          type: str
        scope:
          choices:
            - global
            - vdom
          description:
            - Dashboard scope.
          type: str
        vdom:
          description:
            - Virtual domain. Source system.vdom.name.
          type: str
        widget:
          description:
            - Dashboard widgets.
          elements: dict
          suboptions:
            fabric_device:
              description:
                - Fabric device to monitor.
              type: str
            fabric_device_widget_name:
              description:
                - Fabric device widget name.
              type: str
            fabric_device_widget_visualization_type:
              description:
                - Visualization type for fabric device widget.
              type: str
            fortiview_device:
              description:
                - FortiView device.
              type: str
            fortiview_filters:
              description:
                - FortiView filters.
              elements: dict
              suboptions:
                id:
                  description:
                    - FortiView Filter ID.
                  type: int
                key:
                  description:
                    - Filter key.
                  type: str
                value:
                  description:
                    - Filter value.
                  type: str
              type: list
            fortiview_sort_by:
              description:
                - FortiView sort by.
              type: str
            fortiview_timeframe:
              description:
                - FortiView timeframe.
              type: str
            fortiview_type:
              description:
                - FortiView type.
              type: str
            fortiview_visualization:
              description:
                - FortiView visualization.
              type: str
            height:
              description:
                - Height.
              type: int
            id:
              description:
                - Widget ID.
              type: int
            industry:
              choices:
                - default
                - custom
              description:
                - Security Audit Rating industry.
              type: str
            interface:
              description:
                - Interface to monitor. Source system.interface.name.
              type: str
            region:
              choices:
                - default
                - custom
              description:
                - Security Audit Rating region.
              type: str
            title:
              description:
                - Widget title.
              type: str
            type:
              choices:
                - sysinfo
                - licinfo
                - forticloud
                - cpu-usage
                - memory-usage
                - disk-usage
                - log-rate
                - sessions
                - session-rate
                - tr-history
                - analytics
                - usb-modem
                - admins
                - security-fabric
                - security-fabric-ranking
                - sensor-info
                - ha-status
                - vulnerability-summary
                - host-scan-summary
                - fortiview
                - botnet-activity
                - fabric-device
                - fortimail
              description:
                - Widget type.
              type: str
            width:
              description:
                - Width.
              type: int
            x_pos:
              description:
                - X position.
              type: int
            y_pos:
              description:
                - Y position.
              type: int
          type: list
      type: list
    gui_global_menu_favorites:
      description:
        - Favorite GUI menu IDs for the global VDOM.
      elements: dict
      suboptions:
        id:
          description:
            - Select menu ID.
          type: str
      type: list
    gui_new_feature_acknowledge:
      description:
        - Acknowledgement of new features.
      elements: dict
      suboptions:
        id:
          description:
            - Select menu ID.
          type: str
      type: list
    gui_vdom_menu_favorites:
      description:
        - Favorite GUI menu IDs for VDOMs.
      elements: dict
      suboptions:
        id:
          description:
            - Select menu ID.
          type: str
      type: list
    hidden:
      description:
        - Admin user hidden attribute.
      type: int
    history0:
      description:
        - history0
      type: str
    history1:
      description:
        - history1
      type: str
    ip6_trusthost1:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost10:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost2:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost3:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost4:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost5:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost6:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost7:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost8:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    ip6_trusthost9:
      description:
        - Any IPv6 address from which the administrator can connect to the FortiGate unit. Default allows access from any IPv6 address.
      type: str
    login_time:
      description:
        - Record user login time.
      elements: dict
      suboptions:
        last_failed_login:
          description:
            - Last failed login time.
          type: str
        last_login:
          description:
            - Last successful login time.
          type: str
        usr_name:
          description:
            - User name.
          type: str
      type: list
    name:
      description:
        - User name.
      required: true
      type: str
    password:
      description:
        - Admin user password.
      type: str
    password_expire:
      description:
        - Password expire time.
      type: str
    peer_auth:
      choices:
        - enable
        - disable
      description:
        - Set to enable peer certificate authentication (for HTTPS admin access).
      type: str
    peer_group:
      description:
        - Name of peer group defined under config user group which has PKI members. Used for peer certificate authentication (for HTTPS admin access).
      type: str
    radius_vdom_override:
      choices:
        - enable
        - disable
      description:
        - Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access.
      type: str
    remote_auth:
      choices:
        - enable
        - disable
      description:
        - Enable/disable authentication using a remote RADIUS, LDAP, or TACACS+ server.
      type: str
    remote_group:
      description:
        - User group name used for remote auth.
      type: str
    schedule:
      description:
        - Firewall schedule used to restrict when the administrator can log in. No schedule means no restrictions.
      type: str
    sms_custom_server:
      description:
        - Custom SMS server to send SMS messages to. Source system.sms-server.name.
      type: str
    sms_phone:
      description:
        - Phone number on which the administrator receives SMS messages.
      type: str
    sms_server:
      choices:
        - fortiguard
        - custom
      description:
        - Send SMS messages using the FortiGuard SMS server or a custom server.
      type: str
    ssh_certificate:
      description:
        - Select the certificate to be used by the FortiGate for authentication with an SSH client. Source certificate.remote.name.
      type: str
    ssh_public_key1:
      description:
        - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.
      type: str
    ssh_public_key2:
      description:
        - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.
      type: str
    ssh_public_key3:
      description:
        - Public key of an SSH client. The client is authenticated without being asked for credentials. Create the public-private key pair in the SSH client application.
      type: str
    trusthost1:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost10:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost2:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost3:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost4:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost5:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost6:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost7:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost8:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    trusthost9:
      description:
        - Any IPv4 address or subnet address and netmask from which the administrator can connect to the FortiGate unit. Default allows access from any IPv4 address.
      type: str
    two_factor:
      choices:
        - disable
        - fortitoken
        - fortitoken-cloud
        - email
        - sms
      description:
        - Enable/disable two-factor authentication.
      type: str
    two_factor_authentication:
      choices:
        - fortitoken
        - email
        - sms
      description:
        - Authentication method by FortiToken Cloud.
      type: str
    two_factor_notification:
      choices:
        - email
        - sms
      description:
        - Notification method for user activation by FortiToken Cloud.
      type: str
    vdom:
      description:
        - Virtual domain(s) that the administrator can access.
      elements: dict
      suboptions:
        name:
          description:
            - Virtual domain name. Source system.vdom.name.
          type: str
      type: list
    vdom_override:
      choices:
        - enable
        - disable
      description:
        - Enable to use the names of VDOMs provided by the remote authentication server to control the VDOMs that this administrator can access.
      type: str
    wildcard:
      choices:
        - enable
        - disable
      description:
        - Enable/disable wildcard RADIUS authentication.
      type: str
  type: dict
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str