haziqsulaiman
Article Id 416273
Description

This article describes the troubleshooting steps that can be taken if some user groups cannot be polled from FSSO Connector in FortiManager.

Scope

FortiManager.
Solution

In the example below, FSSO Agent (FortiAuthenticator / FAC2) has three groups configured:

  • testgrp1
  • testgrpA
  • testgrpB

[Image: 1. FAC group.jpg]

However, in FortiManager, only 'testgrpA' and 'testgrpB' are shown under the FSSO Connector FAC2.

[Image: 2. polledgrps.jpg]

Comparing the two images, the user group 'testgrp1' is not received from the FSSO connector.

As a troubleshooting step, check whether this object already exists in the ADOM database under Policy & Objects -> Advanced -> CLI Configurations: user -> adgrp.

In the example, the user group 'testgrp1' has already been polled from another FSSO Connector, FAC1.

[Image: 3. adomdb.png]

One solution is to make sure each user group has a unique name across the FSSO Agents. In the example, the user group 'testgrp1' on FAC2 was renamed to 'testgrp1_FAC2' and can now be retrieved.

[Image: 4. changed.png]
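The check against the ADOM database described above can be scripted when several connectors are involved. This is an added example, not Fortinet's code: it assumes the user -> adgrp table is available as FortiOS-style CLI text (the sample below is constructed), and the function names are hypothetical.

```python
import re

# Constructed sample: FortiOS-style CLI text for the ADOM's "user adgrp" table
# (assumed layout; the article shows this table only as a screenshot).
ADOM_ADGRP = '''
config user adgrp
    edit "testgrp1"
        set server-name "FAC1"
    next
    edit "testgrpA"
        set server-name "FAC2"
    next
    edit "testgrpB"
        set server-name "FAC2"
    next
end
'''

def parse_adgrp(text):
    """Return {group name: connector name} parsed from 'config user adgrp' text."""
    owners, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r'edit "(.*)"', line)
        if m:
            current = m.group(1)
            owners.setdefault(current, None)
        m = re.fullmatch(r'set server-name "(.*)"', line)
        if m and current is not None:
            owners[current] = m.group(1)
        elif line == "next":
            current = None
    return owners

def name_conflicts(owners, connector, agent_groups):
    """Agent groups whose names the ADOM DB already holds under another connector."""
    return {g: owners[g] for g in agent_groups
            if g in owners and owners[g] != connector}

def missing_groups(owners, connector, agent_groups):
    """Agent groups that have no adgrp entry under `connector`."""
    return [g for g in agent_groups if owners.get(g) != connector]

if __name__ == "__main__":
    owners = parse_adgrp(ADOM_ADGRP)
    fac2 = ["testgrp1", "testgrpA", "testgrpB"]  # groups on FAC2, per the article
    print("missing under FAC2:", missing_groups(owners, "FAC2", fac2))
    print("name held elsewhere:", name_conflicts(owners, "FAC2", fac2))
```

Group names are compared exactly as written; whether FortiManager treats names that differ only in case as the same object is not stated in the article.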