Technical Tip: Process FSSO logins on FortiGate in UPN format (UserName)
Description
This article describes the configuration needed for FSSO logins to be processed in UPN (userPrincipalName) format on FortiGate.
The required configuration and permissions are listed for both the collector agent and Active Directory.
Scope
FortiGate.
Solution
- The UPN is in the format username@domain.com, which makes the login format easier for users to remember.
- In this article, the user account used is 'fsso_srv'.
- The user account 'fsso_srv' is a member of Domain Users.
- The mode used is polling mode with 'Windows security event logs'.
- An external connector is added on the FortiGate as required, and user groups can also be specified in the FSSO external connector configuration if needed.
Step 1: Create a registry value.
Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fortinet\FASE\Collectoragent and create a new string value (REG_SZ). The value's name should be 'displayname' and its data should be 'UserPrincipalName'.

Step 2: Under Advanced Settings, set the event ID to poll to 1. Adjust the polled event IDs as required. Refer to Event IDs used in FSSO.

Step 3: The user account 'fsso_srv' needs read/write permissions so that event logs can be read from and written to the collector event log.
Add the permission to the Collector agent and set it to full control.

Note: Granting full control to FSAE also propagates the change to any mode that is enabled.

Step 4: Because the 'eventlog' polling mode is used, the specified user account must be granted the 'eventlog reader role'.
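Steps 1 and 4 can be applied and verified from PowerShell on the collector agent host. This is an added example, not code from the original article or from Fortinet; it assumes the polling account is 'fsso_srv' in the domain, that the 'eventlog reader role' corresponds to the built-in 'Event Log Readers' group, and that the ActiveDirectory module (RSAT) is installed. Steps 2 and 3 are still done in the collector agent interface as described above.

```powershell
# Added example (not from the original article): apply and verify the collector
# agent settings above. Run as an administrator on the collector agent host.
# Assumptions: polling account is DOMAIN\fsso_srv; ActiveDirectory module present.
$ErrorActionPreference = 'Stop'

$keyPath = 'HKLM:\SOFTWARE\Wow6432Node\Fortinet\FASE\Collectoragent'
$valName = 'displayname'
$valData = 'UserPrincipalName'
$account = 'fsso_srv'          # assumed sAMAccountName of the polling account

# Step 1: create (or correct) the REG_SZ value that switches display names to UPN.
if (-not (Test-Path $keyPath)) {
    throw "Collector agent registry key not found: $keyPath (is the agent installed?)"
}
$current = (Get-ItemProperty -Path $keyPath -Name $valName -ErrorAction SilentlyContinue).$valName
if ($current -ne $valData) {
    New-ItemProperty -Path $keyPath -Name $valName -Value $valData -PropertyType String -Force | Out-Null
}
# Verify: read the value back and confirm it is a string (REG_SZ), not another type.
$key = Get-Item -Path $keyPath
if ($key.GetValue($valName) -ne $valData -or $key.GetValueKind($valName) -ne 'String') {
    throw "Registry value '$valName' was not set correctly"
}
Write-Host "Step 1 OK: $valName = $valData"

# Step 4: add the polling account to the domain's built-in Event Log Readers group
# so it can read the domain controllers' security logs in 'eventlog' polling mode.
Import-Module ActiveDirectory
$group = 'Event Log Readers'   # assumed to be the 'eventlog reader role' named above
$members = Get-ADGroupMember -Identity $group -Recursive | Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $account) {
    Add-ADGroupMember -Identity $group -Members $account
}
# Verify: re-read membership instead of trusting the add call.
$members = Get-ADGroupMember -Identity $group -Recursive | Select-Object -ExpandProperty SamAccountName
if ($members -notcontains $account) {
    throw "$account is not a member of '$group'"
}
Write-Host "Step 4 OK: $account is a member of '$group'"
```

The collector agent service must be restarted after the registry change for it to take effect; verify the result on the FortiGate with the user list rather than assuming the value was read.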

The FortiGate will now show the events being processed in UPN format.

