FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mbenvenuti, Staff
Article Id 306469
Description: This article describes how to configure LDAP External Authentication.
Scope: FortiSIEM.
Solution:

When configuring User accounts on FortiSIEM, there are two ways to import users from a Windows Active Directory:

  1. Users are stored in the CMDB by importing a discovery of all the users from the AD.
  2. Users are created on the fly at their first connection using the AD Group Role mapping feature.

 

Initial Steps:

  • If FortiSIEM is configured in Service Provider mode and LDAP needs to be configured for a dedicated organization, it is necessary to install and configure a collector for that organization. See the documentation on how to set up an Organization and a collector in Service Provider mode.
  • Identify or create a system account in AD that can be used for external authentication. This account is needed in the following configuration steps.

 

In the Active Directory:

Select the Domain, 'Right-click' -> Properties, and note the domain name.

 

Domain-name.png

 

Select the User, 'Right-click' -> Properties -> Member Of, and note the group names:

 

properties_domain_user.png

 

Select the User, 'Right-click' -> Properties -> Attribute editor, and note the name, sAMAccountName, userPrincipalName, and the distinguished name.

 

user-param-1.png

 

In the FortiSIEM:

As an admin user of FortiSIEM or of a specific Organization, configure the LDAP credentials by going to Admin -> Setup -> Credentials -> New.

 

credentials.png

 

Associate it with the Active Directory IP.

 

associate-LDAP-IP.png

Test the credentials:

 

test-connectivity-LDAP.png

If the credential test fails, review every entry involved in the access method definition. For the NetBIOS/Domain field, make sure that it matches the domain property noted in the very first step of this article, or use one of the GROUP-type NetBIOS names returned by the following command on the AD machine:

 

nbtstat -n

 

Configure LDAP as External Authentication as a FortiSIEM admin or an Organization admin. As the organization admin user, go to CMDB -> Users -> select user -> Edit, and set the 'Domain' field to the expected domain of the organization.

 

add-domain-in-user.png

Go to Admin -> Settings -> External Authentication, configure external authentication, and set the directory where the users are located in the 'Base DN' field.

 

ext-auth.png

 

Test the external authentication:

 

test-ext.png

 

  1. Import LDAP Users in the CMDB.
  • Discover the LDAP directory and go to Admin -> Setup -> Discovery -> New.

 

LDAP-discovery.png

 

  • Go to Admin -> Setup -> Discovery, select the item, run the discovery, and check the result and any errors in the 'Show Errors' tab.

 

LDAP-discovery-result.png

 

  • All the LDAP Users are imported into CMDB -> Users.
  • Go to CMDB -> Users -> select a User that should log in to FortiSIEM -> Edit.

 

edit-user-for-alias.png

 

  • Configure Alias on the User:

 

alias.png

 

  • Select System Admin and Edit, then configure the type of authentication and role:

 

edit-user-for-authType.png

 

  • Log in as the User at the portal.

 

  2. Create Users at first connection.
  • Go to Admin -> Settings -> Role -> AD Group Role -> New and fill in the AD Group and the role, so that Users of that group can log in with that role.

AD_Group_Role.png

 

  • It is now possible to log in with one of the Users of the configured group (example: 'domain users').

 

admin-test_login.png

 

  • The User account will be created in CMDB -> Users.

 

Important note:

The same steps can be used to set up LDAPS external authentication. However, note that the SSL certificate check is performed regardless of whether the 'Check Certificate' option under the External Authentication Profile configuration is ticked.

This means that the IP/Host field must contain the FQDN of the AD server exactly as it appears in the server's certificate; an IP address or a short name that is not in the certificate will make the LDAPS connection fail.
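The following Python script is an added example (not part of the original article or a FortiSIEM tool) that checks, before the LDAPS profile is configured, whether the value planned for the IP/Host field is covered by the certificate the domain controller presents on port 636. It assumes the AD CA certificate is available as a PEM file (`ca_file`) so the chain can be validated while the hostname is compared separately; the certificate dict at the end is constructed for illustration.

```python
"""Pre-check for FortiSIEM LDAPS: does the planned IP/Host value match the
domain controller's TLS certificate? FortiSIEM checks the certificate name
even with 'Check Certificate' unticked, so a mismatch here predicts failure."""
import socket
import ssl

LDAPS_PORT = 636  # LDAP over TLS


def cert_names(cert: dict) -> list[str]:
    """Collect DNS SANs and the subject CN from an ssl getpeercert() dict."""
    names = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    return names


def name_matches(pattern: str, host: str) -> bool:
    """Exact match or a single left-most wildcard label (RFC 6125 style)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*.") and host.count(".") == pattern.count("."):
        return host.split(".", 1)[1] == pattern[2:]
    return False


def host_matches_cert(cert: dict, host: str) -> bool:
    """True if `host` (the intended IP/Host field) is named in the cert.
    An IP address never matches a DNS name, hence the FQDN requirement."""
    return any(name_matches(n, host) for n in cert_names(cert))


def fetch_ad_cert(host: str, ca_file: str, port: int = LDAPS_PORT) -> dict:
    """Validate the DC's chain against the AD CA (assumed PEM file) but defer
    the hostname check to host_matches_cert() so the mismatch can be shown."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # compared explicitly below instead
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed certificate dict, shaped like ssl.SSLSocket.getpeercert() output.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "dc01.corp.example"),),),
    "subjectAltName": (("DNS", "dc01.corp.example"), ("DNS", "corp.example")),
}
```

Run `fetch_ad_cert("dc01.corp.example", "ad-ca.pem")` against a real DC and pass the result to `host_matches_cert()` with the value you intend to type into IP/Host; a False result with the server's IP address and True with its FQDN reproduces the behaviour described in the note above.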

 
