FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 306513
Description This article describes how to initiate a manual/automation sync for SSO Groups.
Scope FortiOS, FSSO.

After connecting the external connector, if View User/Groups is selected, it is possible to observe what groups are being passed from the FSSO agent.

If a change is made to the groups being monitored on FSSO, this change may not be immediately reflected on the FortiGate's GUI via Security Fabric --> Fabric Connectors --> edit FSSO connector --> Select View Users/Groups:

Alternatively, it may not be visible via the CLI using the following command:


get user adgrp


As a result, it is possible to force a refresh manually by issuing the following command via CLI:


exec fsso refresh


For an automatic process, change the default of the group-poll-interval (0 minutes which is equivalent to do not poll) to a value within 1-2880 via the CLI as follows:


Configure Fortinet Single Sign On (FSSO) agents:


config user fsso
    edit <name>
        set group-poll-interval {integer}



Related document: 

config user fsso

Troubleshooting Tip: FSSO Complete troubleshooting for TAC tickets