FortiManager
Nur (Staff)
Article Id 268745
Description

This article describes how to configure FSSO from FortiManager and push the configuration to FortiGate.

Scope

FortiManager and FSSO.
Solution

Refer to the steps below.

 

  1. Go to Fabric View -> Create New Fabric Connector.
  2. Assign the AD IP Address, the FSSO Password, and the default port 8000.

FSSO:

[Screenshot: FSSO fabric connector settings]

 

  3. When choosing the Collector Agent, the user/group names can be displayed in one of two formats. The format in use can be viewed in the Collector Agent's 'Set Directory Access Information' setting.
                                                                      


 

'Standard' shows the group as mydomain/mygroup.

'Advanced' shows the group as its LDAP Distinguished Name.

The following screenshot from a lab test shows the standard settings:

 


 

There are three options to fetch the User Groups (adgrp) from the Collector Agent:

 

  1. Collector Agent: FortiManager must be able to connect to the Collector Agent directly to fetch the user groups.
  2. Via FortiGate: FortiManager sends the request to FortiGate; FortiGate communicates with the Collector Agent and fetches the user groups, which are then imported/synced to FortiManager.
  3. Local: An LDAP server must be configured in FortiManager. FortiManager connects to the LDAP server to fetch the user groups, and the admin then selects the required user groups.

Select the User Group Source and select OK. Then select Apply & Refresh to fetch the User Groups.

 

  4. Next, create the following objects to assign to the policy rules.

[Screenshot: FSSO user group and policy objects]

 

  5. From FortiGate, the pushed FSSO object can be seen.

[Screenshot: FSSO object on FortiGate]

 

  6. Verify from the FSSO Collector Agent side: it displays the FortiGate information and not the FortiManager information, because it is FortiGate, not FortiManager, that connects to the Collector Agent.

[Screenshot: Collector Agent showing the connected FortiGate]
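As an added example that is not part of the article, the FortiGate CLI equivalent of the objects the steps above push from FortiManager, followed by the FortiGate-side checks for the Collector Agent connection. The Collector Agent address, domain, group, interface names and policy ID are assumed values.

```fortios
# Assumed values: Collector Agent at 10.0.0.10, group "SALES" in domain MYDOMAIN.
# FSSO fabric connector (step 2): Collector Agent IP, FSSO password, default port 8000.
config user fsso
    edit "FSSO_Collector"
        set server "10.0.0.10"
        set port 8000
        set password <fsso-password>
    next
end
# FSSO user group (step 4). The member format follows the Collector Agent's
# directory access mode: Standard uses DOMAIN/GROUP, Advanced uses the LDAP DN.
config user group
    edit "FSSO_Sales"
        set group-type fsso-service
        set member "MYDOMAIN/SALES"
        # In Advanced mode the same group would be written as its DN, e.g.:
        # set member "CN=Sales,OU=Groups,DC=mydomain,DC=local"
    next
end
# Firewall policy that references the FSSO group (step 4).
config firewall policy
    edit 1
        set name "FSSO_Sales_out"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "FSSO_Sales"
    next
end
# Checks (steps 5 and 6): connection state to the Collector Agent and the group
# list it returned. FortiGate, not FortiManager, is the peer the Collector Agent sees.
diagnose debug authd fsso server-status
diagnose debug authd fsso list
```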