sims
Explorer II
October 30, 2021
Solved

fsso

  • October 30, 2021
  • 2 replies
  • 5723 views

Hi,

I have a couple of website and file sharing servers.

The website is integrated with Active Directory (LDAP).

If I implement FSSO, does it mean the users are not required to enter the username and password for other services like websites and file sharing once they log in to the PC (Active Directory credentials)?

Thanks 

    Best answer by Heaven_Knows

    2 replies

    Heaven_Knows
    New Member
    October 31, 2021

    FSSO using Windows Active Directory allows domain users to bypass FortiGate firewall user/group authentication if they are already authenticated in that AD domain network. It means you log on to your Windows client PC and your username/group will be collected by FortiGate automatically; you don't have to enter it again to access internet resources based on the firewall policy user setup.

    sims
    Author
    Explorer II
    October 31, 2021

    Hi,

    "you don't have to enter it again to access internet resources based on firewall policy user setup"

    I did not understand the above part. Assume there is a policy for user abc@test.com for internet access.

    The user logs in to the Windows client PC and he can access the internet. Where is the scenario here of entering the credentials again?

    Thanks

     

    Heaven_Knows
    New Member
    November 1, 2021

    Hi bro,

    If the firewall policy is based on user/group to allow you to access the internet, when you reach this policy, FortiGate will redirect you to a captive portal to enter authentication credentials, but if FSSO is implemented and you have logged on to your PC with AD credentials, it will not prompt for credentials again.

    Hope this helps.

     

    seshuganesh
    Staff
    April 21, 2022

    Hi Team,

     

    No, it's not that way.
    FSSO cannot control what is happening at your website level.

    It is simple: let's say any user session is passing through the firewall. If he is an authenticated user, meaning the firewall is able to recognize that user, the user will be able to access that specific session.

    If the user is unauthenticated, and the session matches a user-based firewall policy, then he will not be able to access the website.

    It will make sure only authenticated users can pass through the firewall if you add users in the specific firewall policy under the source address field.