The following options are available:
In the Create New SSO User or Create New SSO Group window, enter a name for the user or group, then select OK.
|Import||Import SSO users or groups from a remote LDAP server.|
|Delete||Delete the selected users or groups.|
|Edit||Edit the selected user or group.|
|Name||The SSO user or group names.|
|Created/Imported||Displays whether or not the user or user group was created or imported.|
FortiAuthenticator SSO user groups cannot be used directly in a security policy on a FortiGate device. An FSSO user group must be created on the FortiGate unit, then the FortiAuthenticator SSO groups must be added to it. FortiGate FSSO user groups are available for selection in identity-based security policies. See the FortiOS Handbook for more information.
- In the SSO Users or SSO Groups list, select Import.
- In the Import SSO Users or Import SSO Groups window, select whether to import the DN or Username, and select a remote LDAP server from the Remote LDAP Server dropdown menu, then select Browse.
- In the Import SSO Groups window, select a remote LDAP server from the Remote LDAP Server dropdown menu and select Browse. Alternatively, select Azure ADFS and specify the Graph API Service Root, Client ID, and Client key.
An LDAP server must already be configured to select it in the dropdown menu. See LDAP service for more information on adding a remote LDAP server.
- Optionally, edit the Distinguished name. This field is automatically filled when you select a remote LDAP server from the Remote LDAP Server dropdown.
- Optionally, enter a Filter string to reduce the number of entries returned, and then select Apply, or select Clear to clear the filters.
- The default configuration imports the attributes commonly associated with Microsoft Active Directory LDAP implementations. Select User attributes to edit the remote LDAP user mapping attributes.
- Select the entries you want to import.
- Optionally, select a logo from the FortiToken Logo dropdown menu to associate the imported users with the specified logo. This logo is displayed beside the one-time password in FortiToken. See FortiTokens for more information.
- Optionally, select an IAM account from the IAM Account dropdown to associate the imported users with the specified IAM account. See Identity and Account Management (IAM).
- Select OK to import the users or groups.
The Import SSO Users or Import SSO Groups window opens in a new browser window.
uid=j* returns only user IDs beginning with “j”.
Selecting the field, FirstName for example, presents a list of attributes which have been detected and can be selected. This list is not exhaustive; other non-displayed attributes may be available for import. Consult your LDAP administrator for a list of available attributes.