Created on 08-08-2022 10:51 PM
Edited on 02-11-2025 05:56 AM
By Jean-Philippe_P
Description | This article explains how to configure an identity-based firewall policy for specific LDAP users without prompting them for credentials if they are already logged in to the LDAP server. |
Scope | FortiOS and FSSO Agent. |
Solution | Method 1: Once the users are logged into the domain using the units, the FSSO Collector Agent collects the logon information and relays it to FortiGate.
Once FortiGate receives the user information, it does not prompt for credentials again. Usually, this is done using 'User Group' information on the LDAP server.
To configure this for only certain LDAP users, FSSO is configured slightly differently.
Adjust the LDAP filter until it returns the required users, then assign those users directly to firewall policies. |