FORTISOAR - Active Directory connector dosen't support Kerberos authentication

Hello,

We are trying to use the SOAR Active Directory connector, but we are facing an issue. We have created a highly privileged account in the domain so that it can apply the necessary changes to various AD objects. However, accounts with such privileges are, according to our policy, members of the “Protected Users” security group. This group enforces stronger protections on its members, including disabling NTLM authentication. As a result, the account used for the connector is required to use Kerberos.
 

However, based on our observations, it seems that Kerberos is not being used by the connector. According to our logs, we see an event with eventCode 4625 (login failed) indicating that the authentication method used is NTLM. The log details state:
“Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions),” which confirms that NTLM is being blocked in this case.

Additionally, the authentication package MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 confirms that NTLM is being used, which does not work since our account cannot authenticate using this protocol.
 

Is there a way to force the connector to use Kerberos for authentication instead of falling back to NTLM?

Thank you.