Hello,
My four Active Directory accounts were successfully joined to FortiSIEM using LDAP and WMI credentials, but up until this point, I was unable to get the users and groups from the AD to FortiSIEM; nothing was visible on the CMDB > Users page.
Hi Taher,
I just wanted to provide you a link, but it appears the Fortinet docs miss the critical piece of information here.
As well as providing credentials for pulling the user list via Discovery, you will need to create the External Authentication Profile in Admin > Settings > General > External Authentication Profiles.
In your case, you will then have your new External Profile as an option in that exact same dialog you posted a screenshot of.
There is also an option to assign Roles by AD information, which I'd expect under "Role Management", but I have not used it yet.
Note that finding traces of a compromised AD is not easy if the user management of the research tool depends on a working AD.
But I guess, other options like Okta don't necessarily mean more security these days ;)
However, in a long-term deployment, consider that there is no MFA using LDAP.
Best,
Christian
Hi @Taher11 ,
When you run discovery, do you see any message? The discovery result would tell you how many users and groups were discovered.
Ensure you have unchecked "Ping Only Discovery" in the discovery options.
Thank you for your feedback
Hello, I successfully uploaded the user on the CMDB side, but when I try to give a user a role like admin or DB admin, I keep getting the below error.
Thank you, the problem was solved once I added the AD as an external authenticator.
Thanks @Secusaurus, for pointing out the doc. I've updated the document here to include additional steps for configuring the user to use External Authentication. Hopefully, this is more clear than before.