Cookbook

Setting up your FortiGate for FSSO


Because you have installed FSSO in advanced mode, you need to configure an LDAP server for use with FSSO.

  1. To configure the LDAP service, go to User & Device > LDAP Servers and select Create New.
  2. Enter all information about your LDAP server. Select Test Connectivity. If your information is correct, Connection status is Successful.
  3. Create a Fabric Connector to the FSSO agent by going to Security Fabric > Fabric Connectors and selecting + Create New.
  4. Under SSO/Identity, select Fortinet Single Sign-On Agent.
  5. Set the Name and enter the IP address and password for the Primary FSSO Agent.
  6. Set Collector Agent AD access mode to Advanced and set LDAP Server to the new LDAP service.
  7. Your FortiGate displays information retrieved from the AD server. Select Groups, then right-click the FSSO group and select + Add Selected.
  8. Select Selected.
  9. The FSSO group is shown.

  10. To create a user group for FSSO users, go to User & Device > User Groups and select Create New.
  11. Enter a group Name and set Type to Fortinet Single Sign-On (FSSO). Add the FSSO users to Members.
  12. To create a policy for FSSO users, go to Policy & Objects > IPv4 Policy and select Create New.
  13. For Source, set User to the FSSO user group.
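The same objects expressed in the FortiOS CLI, useful for reviewing or auditing what the GUI steps above create. This is an added example, not part of the original cookbook page. Every name, address, DN, interface and secret in it is a constructed placeholder, and the LDAPS lines are an addition the page does not describe. The `#` lines are annotations; drop them before pasting.

```text
# Added example; all values below are constructed placeholders.
config user ldap
    edit "ad-ldap"
        set server "192.0.2.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=svc-fgt,cn=Users,dc=example,dc=com"
        set password <ldap-bind-password>
        # Not on the page: LDAPS keeps the bind credentials from crossing the network in clear text.
        set secure ldaps
        set port 636
    next
end
# Steps 3-6: connector to the collector agent, tied to the LDAP server above.
config user fsso
    edit "fsso-agent"
        set server "192.0.2.20"
        set password <collector-agent-password>
        set ldap-server "ad-ldap"
    next
end
# Steps 7-9: the AD group selected in the connector.
config user adgrp
    edit "CN=FSSO,CN=Users,DC=example,DC=com"
        set server-name "fsso-agent"
    next
end
# Steps 10-11: FSSO-type user group.
config user group
    edit "fsso-users"
        set group-type fsso-service
        set member "CN=FSSO,CN=Users,DC=example,DC=com"
    next
end
# Steps 12-13: policy whose source is restricted to the FSSO group.
config firewall policy
    edit 0
        set name "fsso-users-out"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set groups "fsso-users"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Use a dedicated, read-only directory account for the LDAP bind rather than an administrator account, since the FortiGate only needs to look up users and groups.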
