Description
Solution
For small entry level FortiGate models such as the FortiGate 30D or FortiGate 40C which are using FortiOS Lite, there are many features unavailable on the GUI and can only be used through the CLI.
This article shows how to configure FSSO using CLI and how to make the FSSO user group be seen on the GUI after it has been configured.
This article shows how to configure FSSO using CLI and how to make the FSSO user group be seen on the GUI after it has been configured.
Solution
FSSO can be configured via CLI as follows:
config user fsso
edit "FSSO_Name"
set server x.x.x.x
set <password>
next
end
where x.x.x.x is the IP address of the Domain Controller which has the FSSO Collector Agent installed.
An FSSO user group can now be configured on the GUI by going to User & Device > User > User Groups. Select 'Create New' and type 'Fortinet Single Sign-On'. Normally, the user group will be shown if the FSSO is configured via GUI. However, for small entry level FortiGates, it will not be shown.
To make the user group appear for FortiOS lite, the following command must be executed to refresh the FSSO user group:
config user fsso
edit "FSSO_Name"
set server x.x.x.x
set <password>
next
end
where x.x.x.x is the IP address of the Domain Controller which has the FSSO Collector Agent installed.
An FSSO user group can now be configured on the GUI by going to User & Device > User > User Groups. Select 'Create New' and type 'Fortinet Single Sign-On'. Normally, the user group will be shown if the FSSO is configured via GUI. However, for small entry level FortiGates, it will not be shown.
To make the user group appear for FortiOS lite, the following command must be executed to refresh the FSSO user group:
execute fsso refresh
