pginete
Staff
Article Id 226919
Description

This article describes how to update the AD group of the FSSO user without logging out or logging in.

Scope

FortiGate, FortiProxy, FSSO.

Solution

By default, the user needs to log out and log in again on the workstation before AD group changes, such as being added or removed as a member, are updated on the FSSO.

 

To update the AD group of the FSSO user automatically when the AD group changes, without logging out of or in to the workstation:

 

Open the FSSO agent. In the FSSO settings, under Advanced Settings -> General, change the Group lookup interval (in seconds) from 0 to 1.

 

Update the interval as per the requirement. The default is 0, which means no checking.

 


This is only applicable to the FSSO agent and FSSO DC agent setup:

For FortiGate to initiate automatic sync for FSSO groups, change group-poll-interval from its default (0 minutes, which means do not poll) to a value within 1-2880 via the CLI as follows:

 

config user fsso
    edit <name>
        set group-poll-interval {integer}
    next
end
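With the default of 0, a user removed from an AD group keeps the old FSSO group membership until the next logout and login, so it is worth checking which connectors never poll. The following is an added example, not part of the original article: it scans a configuration backup for `config user fsso` entries whose group-poll-interval is 0 or missing. The sample configuration, connector names and function names are constructed for illustration, and the script assumes that a setting absent from the backup is at its default.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from the article).
SAMPLE_CONFIG = '''\
config user fsso
    edit "fsso-hq"
        set server "192.0.2.10"
        set group-poll-interval 5
    next
    edit "fsso-branch"
        set server "192.0.2.20"
    next
    edit "fsso-lab"
        set server "192.0.2.30"
        set group-poll-interval 0
    next
end
config user group
    edit "staff"
        set group-type fsso-service
    next
end
'''

def fsso_poll_intervals(config_text):
    """Return {connector name: group-poll-interval in minutes} for each entry
    under 'config user fsso'. A missing setting is reported as 0, the default
    the article gives (do not poll)."""
    intervals, in_fsso, name = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user fsso":
            in_fsso = True
        elif in_fsso and line == "end":
            in_fsso = False          # leave the section; later blocks are ignored
        elif in_fsso and (m := re.match(r'edit\s+"?([^"]+)"?$', line)):
            name = m.group(1)
            intervals[name] = 0      # assumed default until a 'set' line says otherwise
        elif in_fsso and name and (m := re.match(r"set group-poll-interval (\d+)$", line)):
            intervals[name] = int(m.group(1))
    return intervals

def audit(config_text):
    """Return sorted connector names that never poll or fall outside 1-2880."""
    return sorted(n for n, v in fsso_poll_intervals(config_text).items()
                  if not 1 <= v <= 2880)

if __name__ == "__main__":
    for connector in audit(SAMPLE_CONFIG):
        print(f"{connector}: AD group changes are not polled automatically")
```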

 

Alternatively, FSSO can be refreshed manually on FortiGate using either of the two methods below:

  1. Navigate to Security Fabric -> External Connectors -> FSSO Agent on Windows AD, select to see the configurations, and then select Apply & Refresh.
  2. Run the CLI command:

 

execute fsso refresh