Capabilities
| Resource | Sync | Provision |
|---|---|---|
| Users (management admins) | | |
| Admin profiles (roles) | | |
Gather FortiManager credentials
The connector talks to the FortiManager JSON-RPC API at <base-url>/jsonrpc.
It supports two authentication modes; configure one.
API-token auth (FortiManager 7.2.2+) sends the token as an HTTP
Authorization: Bearer header and stores it as a masked secret in C1.
Session auth sends the username and password to /sys/login/user to
obtain a session key; the password field is not masked. Prefer API-token
auth when possible.
Option 1 — API token (FortiManager 7.2.2+)
Create an API user
In FortiManager, create an administrator with RPC Permit (JSON API
Access) enabled and Trusted Hosts restricted to the C1 egress range.
Option 2 — Username and password (session auth)
Configure the connector
| Field | Required | Description |
|---|---|---|
| Base URL | Yes | FortiManager host origin, e.g. https://fortimanager.example.com. |
| API token | One of | API token for token auth (7.2.2+). |
| Username | One of | Admin login name for session auth. |
| Password | One of | Admin password for session auth. |
Notes
- ADOM mode does not change the global admin scope; the connector reads
  /cli/global/system/admin/user and /cli/global/system/admin/profile.
- FortiManager often uses a self-signed certificate. The JSON-RPC transport has no insecure-TLS toggle; add the FortiManager CA to the trust store of the environment running the connector.
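
To check credentials and CA trust before saving the configuration, the two auth modes and the verified-TLS requirement can be exercised with a small script. This is an added example, not the connector's own code. The JSON-RPC envelope fields (`id`, `method`, `params`, `session`, `user`, `passwd`, `status.code`) are assumed from FortiManager's usual JSON-RPC conventions, and the sample reply is constructed.

```python
import json
import ssl
import urllib.request

# Admin tables named in the notes above.
ADMIN_URLS = ("/cli/global/system/admin/user", "/cli/global/system/admin/profile")

def tls_context(ca_file=None):
    """Verifying context; ca_file is the FortiManager CA (PEM) for self-signed setups."""
    return ssl.create_default_context(cafile=ca_file)

def _post(base_url, body, headers=None):
    if not base_url.startswith("https://"):
        raise ValueError("Base URL must be an https:// origin")
    return urllib.request.Request(
        base_url.rstrip("/") + "/jsonrpc", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", **(headers or {})}, method="POST")

def login_request(base_url, username, password):
    """Session auth: exchange username and password for a session key."""
    return _post(base_url, {"id": 1, "method": "exec", "params": [
        {"url": "/sys/login/user", "data": {"user": username, "passwd": password}}]})

def get_request(base_url, url, token=None, session=None):
    """Read one table using exactly one auth mode."""
    if (token is None) == (session is None):
        raise ValueError("configure exactly one of token or session")
    body = {"id": 1, "method": "get", "params": [{"url": url}]}
    headers = {}
    if token is not None:
        headers["Authorization"] = "Bearer " + token  # token stays out of the body
    else:
        body["session"] = session                     # session key rides in the body
    return _post(base_url, body, headers)

def check_reply(raw):
    """Return (session, data); raise if FortiManager reported a non-zero status."""
    reply = json.loads(raw)
    result = reply["result"][0]
    if result["status"]["code"] != 0:
        raise PermissionError(f'{result.get("url")}: {result["status"]}')
    return reply.get("session"), result.get("data")

def send(req, ca_file=None):
    """Perform the call with certificate verification on (needs a reachable host)."""
    with urllib.request.urlopen(req, context=tls_context(ca_file), timeout=10) as resp:
        return check_reply(resp.read())

# Constructed sample reply, not captured from a real FortiManager.
SAMPLE_LOGIN_REPLY = ('{"id": 1, "result": [{"status": {"code": 0, "message": "OK"}, '
                      '"url": "/sys/login/user"}], "session": "constructed-session-key"}')
```

A certificate error from `send` means the FortiManager CA is missing from the trust store, and a non-zero status on the admin tables points at the API user's permissions.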