Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dontmindme
New Contributor II

Local user authentication. Captive portal alternative?

Scenario: Small office with users and no AD-Domain.

Is it possible to have a local agent installed (FortiClient? Anything else?) on each computer, logged in with a username/password, and have that information sent to the FortiGate when accessing rules, etc., instead of manually having to log on/into the captive portal every day?

 

The end goal is to enter the username/password once on each computer and identify the users automatically.

Any input appreciated!

 

1 Solution
aahmadzada
Staff

Hi dontmindme,

 

If you do not have a centralized solution for user authentication, I'm afraid there is not much that can be done to fulfill your requirement.
The easiest way of doing this would be to:
1. Deploy AD and join all PCs to the domain.
2. Configure a local FSSO poller on the FortiGate.
3. Use the FSSO groups in the appropriate policies.

As a result, the user logged in to his PC will generate a logon event on the AD.

That logon event will be polled by a local FSSO poller and the logon event for that user will be generated on the FortiGate.

Regards,
Ahmad
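
A simplified model of the flow in steps 1-3 above, added here as an illustration (it is not part of the original post and not Fortinet's code): logon events recorded by the domain controller become IP-to-user entries, and a group-based policy consults them by source IP. The event fields, group names, addresses and the `Poller` / `policy_allows` names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample data: AD group membership and domain controller logon events.
GROUPS = {"alice": {"Office-Staff"}, "bob": {"Office-Guests"}}
LOGON_EVENTS = [
    {"time": 100, "user": "alice", "ip": "192.168.1.10"},
    {"time": 130, "user": "bob", "ip": "192.168.1.11"},
    {"time": 200, "user": "bob", "ip": "192.168.1.10"},  # bob logs on at alice's PC
]

@dataclass
class Session:
    user: str
    groups: set
    seen: int  # time of the logon event that created the entry

class Poller:
    """Toy stand-in for a logon-event poller (hypothetical, for illustration)."""

    def __init__(self, monitored_groups):
        self.monitored = set(monitored_groups)
        self.sessions = {}   # source IP -> Session
        self.cursor = 0      # number of events already processed

    def poll(self, events):
        """Process only events not seen on a previous poll."""
        for ev in events[self.cursor:]:
            groups = GROUPS.get(ev["user"], set()) & self.monitored
            if groups:
                self.sessions[ev["ip"]] = Session(ev["user"], groups, ev["time"])
            else:
                # In this model, a logon by a user outside the monitored groups
                # clears the entry so the previous user's identity is not reused.
                self.sessions.pop(ev["ip"], None)
        self.cursor = len(events)

def policy_allows(poller, src_ip, required_group):
    """Identity-based policy check: the source IP must map to a user in the group."""
    session = poller.sessions.get(src_ip)
    return session is not None and required_group in session.groups
```

The identity in this model is bound to the workstation's IP address, so the third event shows why a later logon on the same machine has to replace or clear the earlier entry.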

Troubleshooter_73
New Contributor III

So from your description I would assume you have to integrate any authentication source, like FortiAuthenticator, LDAP, AD or RADIUS with NPS and/or a Certification Authority for cert-based authentication. Maybe, if the customer is using an AzureAD for its O365 services, the SAML Auth feature may be a solution...?



FCNSA 5, FCNSP 5, NSE 4

dontmindme

OK, it seems that this is not a workable solution then. The computers are stand-alone and I was looking for a solution to authenticate the users in another way than captive portal. Setting up an AD for the purpose and joining computers is an overkill solution to a simple local setup.

 

Sadly accepting this as a solution.

Thank you!

 
