fortinet.fortios.fortios_user_group – Configure user groups in Fortinet’s FortiOS and FortiGate.

Note

This plugin is part of the fortinet.fortios collection (version 2.1.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortios.

To use it in a playbook, specify: fortinet.fortios.fortios_user_group.

New in version 2.10: of fortinet.fortios

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify user feature and group category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

ansible>=2.9.0

Parameters

Parameter			Choices/Defaults	Comments
access_token string				Token-based authentication. Generated from GUI of Fortigate.
enable_log boolean			Choices: no ← yes	Enable/Disable logging for task.
state string / required			Choices: present absent	Indicates whether to create or remove the object.
user_group dictionary				Configure user groups.
	auth_concurrent_override string		Choices: enable disable	Enable/disable overriding the global number of concurrent authentication sessions for this user group.
	auth_concurrent_value integer			Maximum number of concurrent authenticated connections per user (0 - 100).
	authtimeout integer			Authentication timeout in minutes for this user group. 0 to use the global user setting auth-timeout.
	company string		Choices: optional mandatory disabled	Set the action for the company guest user field.
	email string		Choices: disable enable	Enable/disable the guest user email address field.
	expire integer			Time in seconds before guest user accounts expire. (1 - 31536000 sec)
	expire_type string		Choices: immediately first-successful-login	Determine when the expiration countdown begins.
	group_type string		Choices: firewall fsso-service rsso guest	Set the group to be for firewall authentication, FSSO, RSSO, or guest users.
	guest list / elements=string			Guest User.
		comment string		Comment.
		company string		Set the action for the company guest user field.
		email string		Email.
		expiration string		Expire time.
		id integer		Guest ID.
		mobile_phone string		Mobile phone.
		name string		Guest name.
		password string		Guest password.
		sponsor string		Set the action for the sponsor guest user field.
		user_id string		Guest ID.
	http_digest_realm string			Realm attribute for MD5-digest authentication.
	id integer			Group ID.
	match list / elements=string			Group matches.
		group_name string		Name of matching group on remote authentication server.
		id integer / required		ID.
		server_name string		Name of remote auth server. Source user.radius.name user.ldap.name user.tacacs+.name.
	max_accounts integer			Maximum number of guest accounts that can be created for this group (0 means unlimited).
	member list / elements=string			Names of users, peers, LDAP severs, or RADIUS servers to add to the user group.
		name string / required		Group member name. Source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user .pop3.name.
	mobile_phone string		Choices: disable enable	Enable/disable the guest user mobile phone number field.
	multiple_guest_add string		Choices: disable enable	Enable/disable addition of multiple guests.
	name string / required			Group name.
	password string		Choices: auto-generate specify disable	Guest user password type.
	sms_custom_server string			SMS server. Source system.sms-server.name.
	sms_server string		Choices: fortiguard custom	Send SMS through FortiGuard or other external server.
	sponsor string		Choices: optional mandatory disabled	Set the action for the sponsor guest user field.
	sso_attribute_value string			Name of the RADIUS user group that this local user group represents.
	user_id string		Choices: email auto-generate specify	Guest user ID type.
	user_name string		Choices: disable enable	Enable/disable the guest user name entry.
vdom string			Default: "root"	Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure user groups.
    fortios_user_group:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      user_group:
        auth_concurrent_override: "enable"
        auth_concurrent_value: "4"
        authtimeout: "5"
        company: "optional"
        email: "disable"
        expire: "8"
        expire_type: "immediately"
        group_type: "firewall"
        guest:
         -
            comment: "Comment."
            company: "<your_own_value>"
            email: "<your_own_value>"
            expiration: "<your_own_value>"
            id:  "16"
            mobile_phone: "<your_own_value>"
            name: "default_name_18"
            password: "<your_own_value>"
            sponsor: "<your_own_value>"
            user_id: "<your_own_value>"
        http_digest_realm: "<your_own_value>"
        id:  "23"
        match:
         -
            group_name: "<your_own_value>"
            id:  "26"
            server_name: "<your_own_value> (source user.radius.name user.ldap.name user.tacacs+.name)"
        max_accounts: "28"
        member:
         -
            name: "default_name_30 (source user.peer.name user.local.name user.radius.name user.tacacs+.name user.ldap.name user.adgrp.name user.pop3.name)"
        mobile_phone: "disable"
        multiple_guest_add: "disable"
        name: "default_name_33"
        password: "auto-generate"
        sms_custom_server: "<your_own_value> (source system.sms-server.name)"
        sms_server: "fortiguard"
        sponsor: "optional"
        sso_attribute_value: "<your_own_value>"
        user_id: "email"
        user_name: "disable"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
build string	always	Build number of the fortigate image Sample: 1547
http_method string	always	Last method used to provision the content into FortiGate Sample: PUT
http_status string	always	Last result given by FortiGate on last operation applied Sample: 200
mkey string	success	Master key (id) used in the last call to FortiGate Sample: id
name string	always	Name of the table used to fulfill the request Sample: urlfilter
path string	always	Path of the table used to fulfill the request Sample: webfilter
revision string	always	Internal revision number Sample: 17.0.2.10658
serial string	always	Serial number of the unit Sample: FGVMEVYYQT3AB5352
status string	always	Indication of the operation's result Sample: success
vdom string	always	Virtual domain used Sample: root
version string	always	Version of the FortiGate Sample: v5.6.3

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/fortinet/fortios/fortios_user_group_module.html

Docs

Docs4dev

Title here