
Administration Guide

FortiGate filtering

If you are providing FSSO to only certain groups on a remote LDAP server, you can filter the polling information so that it includes only those groups, or organizational units (OU).

To view a list of the FortiGate group filters, go to Fortinet SSO Methods > SSO > FortiGate Filtering.

To create a new filter:
  1. From the FortiGate filters list, select Create New.
  2. The Create New FortiGate Filter window opens.

  3. Enter the following information:
    Name: Enter a name in the Name field to identify the filter.
    FortiGate name/IP: Enter the FortiGate unit’s FQDN or IP address.
    Description: Optionally, enter a description of the filter.
    IP Filtering

    Select to enable IP filtering for this service.

    Choose the desired IP filtering rules from the Available IP filtering rules box and move them to the Selected IP filtering rules box.

    Note: If you have not yet configured IP filtering rules, you can select the [Create new rule] option in the Available IP filtering rules box, or create them under Fortinet SSO Methods > SSO > IP Filtering Rules (see IP filtering rules for more information).

    Domain Grouping Filtering

    Select to enable forwarding FSSO information for users from only the selected domain groupings.

    See Domain groupings for more information.

    Fortinet Single Sign-On (FSSO)

    Select to enable forwarding FSSO information for users from only a specific subset of users, groups, or containers.

    Select Create New under SSO Filtering Objects, enter a name to identify the policy, and select from the following object types:

    • Group: Specifies the DN of a group. All users who are members of that group must be included in SSO.
    • Group container: Specifies the DN of an LDAP container, e.g. an OU. All users who are members of a group under that container or one of its sub-containers must be included in SSO.
    • User: Specifies the DN of a user. This user must be included in SSO.
    • User container: Specifies the DN of an LDAP container, e.g. an OU. All users who are under that container or one of its sub-containers must be included in SSO.
    • User and group container: Specifies the DN of an LDAP container, e.g. an OU. It is the union of the user and the group containers.

    You can also use the Import option to import an existing object.

    To select individual groups in FortiGate policies, each AD group must be imported and listed in the FortiGate filter.

  4. Select OK to create the new FortiGate group filter.
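
The five SSO filtering object types from step 3, modelled as an added Python example (not Fortinet code and not part of the guide) so that a planned filter can be checked against a directory export before it is created. The directory entries and the names `rdns`, `is_under` and `covered` are constructed for illustration, and only direct group membership is modelled, which is an assumption.

```python
# Constructed sample directory (not from the guide).
ALICE = "CN=alice,OU=Sales,OU=Staff,DC=example,DC=com"
BOB = r"CN=Ray\, Bob,OU=IT,OU=Staff,DC=example,DC=com"
CAROL = "CN=carol,OU=Contractors,DC=example,DC=com"
USERS = [ALICE, BOB, CAROL]
GROUPS = {  # group DN -> direct member DNs (nested groups not modelled)
    "CN=VPN-Users,OU=Groups,OU=Staff,DC=example,DC=com": [ALICE, CAROL],
    "CN=Admins,OU=Groups,DC=example,DC=com": [BOB],
}
STAFF = "ou=staff, dc=example, dc=com"  # case and spacing differ on purpose

def rdns(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc or ch != ",":
            cur += ch
            esc = (ch == "\\") and not esc
        else:
            parts.append(cur)
            cur = ""
    parts.append(cur)
    return tuple(p.strip().lower() for p in parts)

def is_under(entry, container):
    """True if entry sits below container, at any sub-container depth."""
    return len(entry) > len(container) and entry[-len(container):] == container

def covered(obj_type, dn, users=USERS, groups=GROUPS):
    """Return the user DNs that one SSO filtering object includes."""
    target = rdns(dn)
    def via_groups(pick):
        members = {rdns(m) for g, ms in groups.items() if pick(rdns(g)) for m in ms}
        return {u for u in users if rdns(u) in members}
    if obj_type == "group":
        return via_groups(lambda g: g == target)
    if obj_type == "group container":
        return via_groups(lambda g: is_under(g, target))
    if obj_type == "user":
        return {u for u in users if rdns(u) == target}
    if obj_type == "user container":
        return {u for u in users if is_under(rdns(u), target)}
    if obj_type == "user and group container":
        return (covered("user container", dn, users, groups)
                | covered("group container", dn, users, groups))
    raise ValueError(f"unknown object type: {obj_type}")

if __name__ == "__main__":
    for kind in ("user container", "group container", "user and group container"):
        print(kind, "->", sorted(covered(kind, STAFF)))
```

In this sample, a group container on the Staff OU includes carol, whose account sits in the Contractors OU, because her group is located under Staff; a user container on the same DN does not include her.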
