FortiManager can learn user group information from Active Directory using an FSSO Connector. If it has been some time since the FortiManager has queried the server, you may wish to bring user group information in FortiManager up-to-date by triggering a new query of the FSSO agent using the FSSO connector.

1. Follow the steps 1 to 5 from the article: Technical Tip: How to Refresh the FortiClient EMS Fabric Connector in FortiManager using the API.

2. Use the query below to update the FSSO Connector in FortiManager:

{
    "id": "1",
    "method": "exec",
    "params": [
        {
            "url": "sys/api/fsso",
            "data": {
                "adom": "{{ADOM}}",
                "user_fsso": "{{FSSO_Connector_Name}}"
            }
        }
    ]
}

3. Send the request.

Example response:

4. To check that user groups have been updated, go to: Fabric View -> External Connectors -> Select the FSSO Connector -> Edit -> lists updated user groups:

The newly fetched/updated FSSO Groups are available to be used under Policy & Objects.

Related documents:

• FSSO Connectors
• Technical Tip: Using FortiManager API
• Fortinet Development Network (FNDN) - FortiManager