FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mbenvenuti
Staff
Article Id 301854


Description

This article describes a method to troubleshoot the AD Group role mapping.

Scope

FortiSIEM.

Solution

External authentication is already configured and its Test completes successfully.

AD Group Mapping at Admin -> Settings -> AD Group Role is configured, but a user is still not mapped to a role when logging in. It is necessary to make sure that the group FortiSIEM sees for the authenticating user is the one set in the GUI.


  1. Activate the debug logs:

    cp /opt/phoenix/config/log4j2.xml /opt/phoenix/config/log4j2.xml.bak

    sed -i 's/<Logger name="com.ph.phoenix" level="info" additivity="false">/<Logger name="com.ph.phoenix" level="debug" additivity="false">/' /opt/phoenix/config/log4j2.xml

  2. Follow the logs, keeping only the LDAP and authentication lines:

    tail -f /opt/glassfish/domains/domain1/logs/phoenix.log | egrep -i 'ldap|auth'

  3. From the web browser, open the FortiSIEM portal login page and try to log in with user@domaim.loc:

    [Image: invalid_user.png]

  4. In the CLI, check the logs for the LDAP groups returned for the user; they appear on the line containing 'AuthenticatorBean - Got Ldap groups'.

    [Image: console_ldap_output.png]

  5. Enter this CN, exactly as it appears in the log, in the GUI at Admin -> Settings -> AD Group Role.

    [Image: AD_group_LDAP.png]

  6. Try to log in again from the FortiSIEM portal. The new user is now created in the CMDB and authenticated. If the issue persists, check the logs again from the CLI.

  7. Deactivate the debug logs from the CLI by restoring the backup:

    mv -f /opt/phoenix/config/log4j2.xml.bak /opt/phoenix/config/log4j2.xml
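The following script is an added example, not part of the Fortinet article or of FortiSIEM itself. It wraps the procedure above into reusable shell functions: switching the `com.ph.phoenix` logger level in log4j2.xml with a backup (steps 1 and 7), extracting the CN values from the 'Got Ldap groups' lines (step 4), and checking whether the CN configured under AD Group Role is actually among the groups the authenticator received. The file paths default to those used in the article and can be overridden; the sample phoenix.log lines are constructed for this example and only the marker string 'AuthenticatorBean - Got Ldap groups' is taken from the article, so the real line layout may differ.

```shell
#!/bin/sh
# Added example, not part of the Fortinet article: helpers that automate the
# steps above on a FortiSIEM supervisor. The paths default to the ones the
# article uses; the sample phoenix.log content below is constructed for this
# example, and only the marker string 'AuthenticatorBean - Got Ldap groups'
# comes from the article.
set -u

LOG4J_CONF="${LOG4J_CONF:-/opt/phoenix/config/log4j2.xml}"
PHOENIX_LOG="${PHOENIX_LOG:-/opt/glassfish/domains/domain1/logs/phoenix.log}"

# get_phoenix_level <log4j2.xml>: print the level of the com.ph.phoenix Logger.
get_phoenix_level() {
  sed -n 's/.*<Logger name="com.ph.phoenix" level="\([a-z]*\)".*/\1/p' "$1"
}

# set_phoenix_level <debug|info> [log4j2.xml]: rewrite the Logger level,
# keeping a .bak copy the first time so the change can be reverted with
# "mv -f file.bak file" as in step 7. Prints the level now in the file.
set_phoenix_level() {
  _level="$1"; _conf="${2:-$LOG4J_CONF}"
  [ -f "$_conf.bak" ] || cp "$_conf" "$_conf.bak"
  sed -i "s/<Logger name=\"com.ph.phoenix\" level=\"[a-z]*\" additivity=\"false\">/<Logger name=\"com.ph.phoenix\" level=\"$_level\" additivity=\"false\">/" "$_conf"
  get_phoenix_level "$_conf"
}

# ldap_group_cns [phoenix.log]: print every distinct CN=... value that appears
# on a 'Got Ldap groups' line, one per line.
ldap_group_cns() {
  grep -i 'AuthenticatorBean - Got Ldap groups' "${1:-$PHOENIX_LOG}" \
    | grep -o 'CN=[^,]*' | sort -u
}

# group_is_mapped <expected CN> [phoenix.log]: succeed (exit 0) only when the
# CN configured under Admin -> Settings -> AD Group Role is among the groups
# the authenticator actually received from the directory.
group_is_mapped() {
  ldap_group_cns "${2:-$PHOENIX_LOG}" | grep -qxF "CN=$1"
}

# make_sample_dir: write a constructed log4j2.xml and phoenix.log into a
# temporary directory and print its path, so the helpers can be exercised
# without touching a live FortiSIEM.
make_sample_dir() {
  _d=$(mktemp -d)
  cat > "$_d/log4j2.xml" <<'EOF'
<Configuration>
  <Loggers>
    <Logger name="com.ph.phoenix" level="info" additivity="false">
      <AppenderRef ref="phoenix"/>
    </Logger>
  </Loggers>
</Configuration>
EOF
  cat > "$_d/phoenix.log" <<'EOF'
2024-01-01 10:00:00,000 DEBUG AuthenticatorBean - Authenticating user@domaim.loc via LDAP
2024-01-01 10:00:00,050 DEBUG AuthenticatorBean - Got Ldap groups: [CN=SIEM Admins,OU=Groups,DC=domaim,DC=loc, CN=Domain Users,OU=Groups,DC=domaim,DC=loc]
2024-01-01 10:00:00,060 INFO  SomethingElse - CN=Not A Group Line,OU=Ignored
EOF
  echo "$_d"
}

# Walk through the procedure on the constructed sample.
sample=$(make_sample_dir)
echo "level before: $(get_phoenix_level "$sample/log4j2.xml")"
echo "level after:  $(set_phoenix_level debug "$sample/log4j2.xml")"
echo "groups seen by the authenticator:"
ldap_group_cns "$sample/phoenix.log"
if group_is_mapped "SIEM Admins" "$sample/phoenix.log"; then
  echo "CN=SIEM Admins was returned for the user: the mapping should apply"
else
  echo "CN=SIEM Admins was not returned for the user: fix the CN in AD Group Role"
fi
rm -rf "$sample"
```

On a live system the functions default to the article's paths, so `set_phoenix_level debug`, a login attempt, and `group_is_mapped "Your Group CN"` reproduce steps 1 to 5, and `set_phoenix_level info` (or the article's `mv -f`) reverts the logger afterwards. The CN comparison is a fixed-string, whole-value match, so a trailing space or different casing in the GUI entry will show up as "not returned", which is exactly the mismatch the article is troubleshooting.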