Hi All, I am writing to inquire about a challenge I've encountered while implementing Fortinet Single Sign-On (FSSO) on my FortiProxy in a lab environment.Current SetupI have successfully integrated the FSSO Collector Agent in DC Agent mode with my Active Directory (AD) and Domain Controller (DC) servers.However, when attempting to define a user object of FSSO type under the User Definition submenu, only AD Groups are generated. I am unable to select specific AD Users.QuestionsDoes the FSSO configuration on FortiProxy differ from that on FortiGate? On FortiGate, I can define FSSO users by selecting specific AD Users under User Definition. This does not appear to be the case with FortiProxy.If defining FSSO users by specific AD User is not possible on FortiProxy, how can I implement FSSO in FortiProxy policies? I have several proxy policies that require source addresses to be defined by specific AD Users. I would appreciate any insights or guidance you can provide to resolve this issue.Thank you for your time and assistance.Sincerely,Nara

New Member

Question

FortiProxy FSSO Implementation Challenge - User Object Definition

Forum|Forum|1 year ago
February 14, 2025
1 reply
1827 views

Hi All,

I am writing to inquire about a challenge I've encountered while implementing Fortinet Single Sign-On (FSSO) on my FortiProxy in a lab environment.

Current Setup

I have successfully integrated the FSSO Collector Agent in DC Agent mode with my Active Directory (AD) and Domain Controller (DC) servers.
However, when attempting to define a user object of FSSO type under the User Definition submenu, only AD Groups are generated. I am unable to select specific AD Users.

Questions

Does the FSSO configuration on FortiProxy differ from that on FortiGate? On FortiGate, I can define FSSO users by selecting specific AD Users under User Definition. This does not appear to be the case with FortiProxy.
If defining FSSO users by specific AD User is not possible on FortiProxy, how can I implement FSSO in FortiProxy policies? I have several proxy policies that require source addresses to be defined by specific AD Users.

I would appreciate any insights or guidance you can provide to resolve this issue.

Thank you for your time and assistance.

Sincerely,

Nara

FortiProxy

rbraha

Staff

Hi @Nara

You can specify user group info where this user is part in AD ,no need to import specific user as FSSO , check the guide below it might help.

https://docs.fortinet.com/document/fortiproxy/7.6.0/fortiproxy-authentication-guide/9081/using-single-sign-on-with-the-fsso-agent

NaraAuthor

New Member

Hi @rbraha ,

Thank you for your answer!

I need to create a user-specific policy. If I implement your suggestion, where the source object in the proxy policy is based on a user group in Active Directory, the proxy policy I create will affect all users in that group, whereas I only want it to affect one user. Is it possible for the source object to be a specific user with FSSO user type? Because when I check the User Definition configuration on Fortigate, we can define users specifically with the FSSO user type.

Sincerely,

Nara

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded