Hello,I’m facing an issue with FSSO on FortiGate.Scenario:FSSO is configured and connected correctly.When I run: diagnose debug authd fsso listI can see all logged-in users that FSSO knows about.However:The firewall does not recognize these users in policies.The users are not usable for authentication-based rules.They only become available after I manually refresh/pull users from the GUI.this photo how i pulled into firewall My Question:Is there a way to pull/import FSSO users into FortiGate via CLI or API instead of using the GUI?Specifically:Is there a CLI command to force FortiGate to sync FSSO users?Can this be done via REST API?Is there a debug command that forces the firewall to populate the user table? Any guidance would be appreciated.Thank you.FortiGate #FSSO

HusseinElsaka

New Member

Question

FSSO users visible in authd but not available to firewall policies unless manually pulled it by GUI

Forum|Forum|3 months ago
March 1, 2026
2 replies
318 views

Hello,

I’m facing an issue with FSSO on FortiGate.

Scenario:

FSSO is configured and connected correctly.
When I run:

diagnose debug authd fsso list

I can see all logged-in users that FSSO knows about.

However:

The firewall does not recognize these users in policies.
The users are not usable for authentication-based rules.
They only become available after I manually refresh/pull users from the GUI.
this photo how i pulled into firewall

My Question:

Is there a way to pull/import FSSO users into FortiGate via CLI or API instead of using the GUI?

Specifically:

Is there a CLI command to force FortiGate to sync FSSO users?
Can this be done via REST API?
Is there a debug command that forces the firewall to populate the user table?

Any guidance would be appreciated.

Thank you.
FortiGate #FSSO

AEK

SuperUser

Hi Hussein

Which guide did you follow to setup the FSSO?

AEK

HusseinElsakaAuthor

New Member

Hi AEK,

Actually, I didn’t follow a specific FSSO setup guide myself. I’m working on this environment for a client.

My role was to develop a script to create user-based policies (User ID based) instead of IP-based policies.

Right now, I’m trying to find a way (via API or CLI command) to pull/import the FSSO users into the firewall so they can be used in policies without having to manually pull them from the GUI.

If there is a recommended method or guide for that part specifically, please let me know.

Best regards,
Hussein

AEK

SuperUser

Hi Hussein

There is more than one FSSO methods. There is DC agent mode, Collector agent, Agentless, ..., and you need to know at least which method is used in your environment so you can start troubleshooting.

As per my experience the Collector agent mode (or polling mode) is the recommended one, for its efficiency while it doesn't require any agent on the DC itself.

AEK

HusseinElsakaAuthor

New Member

Hi AEK,

In our environment we are using FSSO Polling mode (Agentless)

AEK

SuperUser

Hello Hussein

As per my humble experience the agentless mode never gave me good result.

Try use agent mode instead.

AEK

Scenario:

My Question:

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded