Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Anonymous
Not applicable

Created on ‎10-19-2021 09:52 AM Edited on ‎04-08-2022 01:32 PM

Article Id 189852

Technical Tip: Configuring remote sync rules in FortiAuthenticator to populate groups automatically from LDAP directory

Description

This article describes how to configure remote sync rule in Fortiauthenticator to populate groups automatically from LDAP directory 
In this example, user1 and user2  that are part of the ‘IT’ security group in AD .Via the remote sync rule we will associate those users to the FAC user group : TESTGROUP 
 
Related document. 


Solution

1) Creating the group.
Go to Authentication -> User Management -> Remote User Sync Rules.
 
 
 
 
 
2) Create the remote sync rule 'Test Sync Rule' with the LDAP syntax filter.
3) In the drop down menu : Group to associate users with select the created group :TESTGROUP.
 
 
 
 
4) Run the manual sync : Authentication -> User Management -> Remote User Sync Rules -> Manual Sync Tab.
5) Check the results in the user group, the users are added.
 
 
 
 
Notes.
LDAP filter syntax used: 
 
(&(objectCategory=user)(memberOf:1.2.840.113556.1.4.1941:=CN=IT,CN=Users,DC=forti,DC=lab))

Related Articles

Technical Tip: LDAP filter syntax

Technical Tip: LDAP filter syntax for groups and remote user sync rules

609
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.