HS08
New Contributor

AD User

Hello,

 

We have an AD group named 'ALLOW TO INTERNET', and its members can access the internet. If we add a user to this group, how long does it take for Fortinet to detect that this user is a member of 'ALLOW TO INTERNET' so that this user can access the internet?

kvimaladevi
Staff

Hi,

 

I understand that you would like to know how long it will take for a FortiGate to sync a newly added user in the group on AD.

As long as the FortiGate and AD are in sync, it will take just a few minutes, depending on the network, not more than that.

Please make sure the user is imported in the FortiGate and is added to the policy to get internet access.

 

Regards,

Vimala

HS08

Can we see on the FortiGate side which AD group each user belongs to?

kvimaladevi
Staff

Hi,

 

Yes, you can do this in the GUI: under User & Device > User Definition you will see all the users. In the far right column you will be able to see the references. Click the number next to the user to show you all the groups it's been added to.

Regards,

Vimala

HS08

Hello,

 

I believe that is for local users, not for AD users.

Markus_M

Hi,

 

The group lookup will be done on every lookup that needs to be done. If you add a user and the user authentication has to be done (so SSLVPN, captive portal), the authentication will trigger the lookup.

After this, when the user IS authenticatED, no further lookup is done. If you remove the user from the group while the user is logged in, the user will NOT lose access.

 

Best regards,

 

Markus

HS08
New Contributor

So, from the FortiGate side we can't look up which group the user belongs to, right?
