Description
This article describes how to configure the ignore user list directly in FortiAuthenticator for FSSO/SSO method.
Scope
FortiAuthenticator, FSSO, ignore user list, exempt user in FSSO.
Solution
One best practice in FSSO is to set up an ignore user list for service accounts.
- Import SSO User: access to SSO -> SSO Users -> Import.
Select the Remote LDAP server, and select OK.
A new window will appear, expand the tree, find and select the users to ignore, then select OK.
- Configure the ignore user list. Previously selected users will appear as imported, then go to the menu: SSO -> General -> Fortinet Single Sign-On (FSSO) -> Maximum concurrent user sessions -> Select (configure Per User/Group).
At the top right in SSO Users, mark the users to ignore and then select Exclude from SSO.
Choose 'Do not affect current user when excluded user logs in' and select OK. Now, those users will appear as excluded from SSO.
In the v6.6 branch:
- Import SSO User: access to Fortinet SSO -> Filtering -> SSO Users select Import.
Select the Remote LDAP server, and select Import.
A new window will appear, expand the tree, find and select the users to ignore, then select OK.
- Configure the ignore user list. Previously selected users will appear as imported, then go to the menu: Fortinet SSO -> Settings -> Methods -> Maximum concurrent user sessions, select Fine-grained control.
At the top, select SSO Users, mark the users to ignore, and then select Exclude from SSO.
Choose 'Do not affect current user when excluded user logs in' and select OK.
These users will appear as excluded from SSO.
