Technical Tip: How FortiAuthenticator counts user licenses for FSSO users
Description
This article explains why the number of FSSO sessions may appear to be more than the allowed users by license when looking at GUI -> Monitor -> SSO -> SSO Sessions.
Scope
FortiAuthenticator
Solution
This is expected since the FortiAuthenticator creates a new SSO session received from multiple NIC cards of the same host with the same user, but the license will be counted as 1.
For example:
This is illustrated in the following screenshots.
FortiAuthenticator will create 3 sessions for the same user with different IP addresses, but the license will be counted as only 1 user.
For example:
| Workstation name | Username | IP Address |
| OXYGEN-KVM24 | FACUSER | 169.254.227.76 |
| OXYGEN-KVM24 | FACUSER | 169.254.119.110 |
| OXYGEN-KVM24 | FACUSER | 10.5.23.153 |
This is illustrated in the following screenshots.
Since it is common for a workstation to have more NIC cards + IP associated with the same host and DNS would resolve host1.localdomain.local -> both IP addresses registered for this machine in DNS.
FortiAuthenticator will create 3 sessions for the same user with different IP addresses, but the license will be counted as only 1 user.