Technical Note - Adding a new FSSO group to FortiManager
Description
Solution
This article describes how to add a new FSSO group to FortiManager.
Solution
It is assumed that FSSO is set up and working correctly on the DC, on the FortiGate, and on the FortiManager. You have created A new user group has been created in Active Directory and a corresponding user group should now be created in the FortiManager. This is accomplished as follows:
1. Add the group to AD and ensure that it is listed under "monitored groups" in the FSSO agent.
2. Import the group from AD to the FortiGate with the FortiGate CLI command "exec fsso refresh".
3. Import the group from the FortiGate to the FortiManager device database by re-importing the configuration from within the revision history.
4. Import the group from the FortiManager's device database to its ADOM database by clicking "Retrieve FSSOs" within Policy & Object > User & Device > Single Sign On.
5. Create a remote user group on the FortiManager ADOM database referencing the imported group.
1. Add the group to AD and ensure that it is listed under "monitored groups" in the FSSO agent.
2. Import the group from AD to the FortiGate with the FortiGate CLI command "exec fsso refresh".
3. Import the group from the FortiGate to the FortiManager device database by re-importing the configuration from within the revision history.
4. Import the group from the FortiManager's device database to its ADOM database by clicking "Retrieve FSSOs" within Policy & Object > User & Device > Single Sign On.
5. Create a remote user group on the FortiManager ADOM database referencing the imported group.