Not able to handle AD / LDAP Groups for permissions on SSL VPN

Hey Board,

I hope you can help me and to all Admins on the Board, thanks for adding .. 

I have create a Specific AD group (VPN) with different Users as member. I wan't that only this Members can open a SSL VPN Connection to my Fortinet Firewall. Actualy all AD Users on: OU=USERS,OU=Company,DC=Companyag,DC=LOCAL are able to open a VPN Tunnel

So, i tried multiple things back and forward without any Success.. Is there a Manual or something wo specially handle Permissions not User based? Or do someone allready setup this ? 

Thanks for your Feedback