This article describes how to define a group-based authorization restriction using a RADIUS NPS server.

In the scenario below, the administrator wants only the 'IT' group to match the rule defined on FortiGate for the SSL VPN portal.
Because RADIUS on FortiGate works with Vendor-Specific Attributes, the group name must be set in attribute number '1'.

In the screenshot below, the string for attribute number '1' (the group name) has been defined as 'IT' in the NPS policy on the Active Directory server.

Because attribute number 1 has been defined as 'IT', FortiGate checks for the group name 'IT' and matches the rule.

Firewall configuration for user group:

With the above configuration, users who are part of the group 'IT' match the rule for SSL VPN access.
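
The following FortiOS CLI fragment is an added example, not taken from the original article. It contrasts a RADIUS user group with no match entry against one restricted to the group name 'IT'. The server name `NPS-RADIUS`, the address `192.0.2.10`, the shared-secret placeholder and both user group names are assumptions chosen for illustration.

```fortios
# Added example. Server name, address and group names are placeholders.
config user radius
    edit "NPS-RADIUS"
        set server "192.0.2.10"
        set secret <shared-secret>
    next
end

# Unrestricted: no match entry, so every user the RADIUS server
# accepts is treated as a member of this group.
config user group
    edit "SSLVPN-ANY-RADIUS"
        set member "NPS-RADIUS"
    next
end

# Restricted: only users whose Access-Accept carries the group name
# "IT" in vendor-specific attribute number 1 become members.
config user group
    edit "SSLVPN-IT"
        set member "NPS-RADIUS"
        config match
            edit 1
                set server-name "NPS-RADIUS"
                set group-name "IT"
            next
        end
    next
end
```

Reference only the restricted group in the SSL VPN portal mapping and firewall policy. `diagnose test authserver radius <server> <scheme> <user> <password>` can be used to check which group membership the server returns for a test account.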
