Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Quint021
Staff
Staff

Created on ‎03-25-2024 10:52 PM Edited on ‎03-25-2024 10:52 PM By Community Manager

Article Id 306513

Technical Tip: SSO Group Manual/Automatic Sync

Description This article describes how to initiate a manual/automation sync for SSO Groups.
Scope FortiOS, FSSO.
Solution

After connecting the external connector, if View User/Groups is selected, it is possible to observe what groups are being passed from the FSSO agent.

If a change is made to the groups being monitored on FSSO, this change may not be immediately reflected on the FortiGate's GUI via Security Fabric --> Fabric Connectors --> edit FSSO connector --> Select View Users/Groups:

Alternatively, it may not be visible via the CLI using the following command:

 

get user adgrp

 

As a result, it is possible to force a refresh manually by issuing the following command via CLI:

 

exec fsso refresh

 

For an automatic process, change the default of the group-poll-interval (0 minutes which is equivalent to do not poll) to a value within 1-2880 via the CLI as follows:

 

Configure Fortinet Single Sign On (FSSO) agents:

 

config user fsso
    edit <name>
        set group-poll-interval {integer}

    end

    end

Related document: 

config user fsso

Troubleshooting Tip: FSSO Complete troubleshooting for TAC tickets
152
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.