VPN+SSO possible?

Hello! I am searching for possibilities to configure client VPN with SSO. So far I don' t understand if this is possible at all, can' t find any example from Fortinet docs. I tried to start doing client VPN and use Radius SSO group, but just got stuck somewhere: the SSO user group that I defined couldn' t be selected for phase1-interface. In addition to that, I found fortios-handbook-50.pdf from http://docs.fortinet.com/d/fortigate-fortios-handbook which has such information: --- Page 482: The Fortinet Single Sign On (FSSO) agent enables FortiGate units to authenticate these network users for security policy or VPN access without asking them again for their username and password. /---/ The FSSO user groups that you created are used in security policies and VPN configurations to provide access to different services and resources. Page 508: FSSO user groups cannot have SSL VPN or dialup IPsec VPN access. --- Does that mean that SSO can' t be used for VPN or what? Cookbook 507 also didn' t have any such recipe. I have set up IPSEC and SSL VPNs for clients (for FortiClient and Shrew) with AD authentication (LDAP and Radius) and local authentication several times so I have that knowledge to go on with, but I have no experience with SSO, hence my noob question :)