Cybersecurity Forum


MohaDarw
New Contributor

Single Sign-on

Hello there, I am facing an issue with Single Sign-on when connecting it to the FSSO Agent.

The thing that I am facing is that the status is always grey with an X sign, which means that there is an issue or something that I have left behind. Note: The groups are being shown, but when connecting these users or groups to a policy I am not able to access the internet, knowing that I use the same policy with LDAP users and the internet is working.

Can anyone assist? For further questions or any details, please ask.

Thank you for your help

2 REPLIES
mnantel_FTNT
Staff

Hey Mohammad,

Are you using the integrated FSSO agent in FortiOS or are you using the external FSSO collector agent? I would recommend the latter - it is generally more scalable and has more configuration options that make it ultimately flexible.

You can download the FSSO collector agent on our support site. From that point, you can install it on a member server (you certainly do not have to install it on a DC) and then point the FortiGate to that IP using the shared secret defined on the collector agent. If you want to configure groups for FSSO directly on FortiOS, you have to create an LDAP definition on FortiOS and attach it to the FSSO Collector Agent configuration in order to be able to pick groups directly from within FortiOS. Otherwise, group filtering must be done on the collector agent. I recommend you configure the collector agent in Advanced mode (which uses FQDN nomenclature for accounts and supports nested groups) rather than Standard mode (the old DOMAIN/USER nomenclature).

I hope this helps!

Mat

--

Mathieu Nantel - NSE4, CCIE 24349

Principal System Engineer / Consultant Technique Senior, Office of the CTO

-- Mathieu Nantel Systems Engineer / Conseiller Technique - Fortinet Montreal, QC
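
The setup described in the reply above, sketched as FortiOS CLI (an added example, not part of the original post). Object names, IP addresses, DNs, the bind account and the group are constructed placeholders; TCP 8000 is the collector agent's default listening port, and the `#` lines are annotations only.

```fortios
# LDAP definition used only to browse AD groups from within FortiOS.
# Use a read-only bind account and LDAPS so the bind password is not sent in clear text.
config user ldap
    edit "AD-LDAP"
        set server "192.0.2.10"
        set secure ldaps
        set port 636
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "svc-fgt-ldap@example.com"
        set password <bind-password>
    next
end

# External FSSO collector agent running on a member server.
# The password must match the shared secret defined on the collector agent.
config user fsso
    edit "FSSO-CA"
        set server "192.0.2.20"
        set port 8000
        set password <shared-secret>
        set ldap-server "AD-LDAP"
    next
end

# FSSO user group referenced by the firewall policy.
# In Advanced mode the member is the group's full DN, not DOMAIN/GROUP.
config user group
    edit "FSSO-Internet"
        set group-type fsso-service
        set member "CN=Internet-Users,OU=Groups,DC=example,DC=com"
    next
end

# Verification: collector connection state, then the logon entries received from it.
diagnose debug authd fsso server-status
diagnose debug authd fsso list
```

If `server-status` does not report the collector as connected, check the shared secret and that TCP 8000 is reachable from the FortiGate before looking at groups or policies.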

MohaDarw

Thank you, sir, for your help. It worked fine for me and everything is fine.