Hi
Am I correct in saying that if i set up the 'login expiry' under the 'Fortinet SSO Methods > SSO > General' to 24 Hours a users will be automatically logged of after this period although he may be active on his account.
eg surfing online and they receive the authentication screen for re-login
Thanks
B
Not necessarily. This depends on how the user identity is being collected (we have several methods). If you are using AD Polling for example, whilst browsing and opening network shares, this will trigger login events will reset the expiry timer. In this case the expiry timer will start from the last login event seen.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
HI Carl
the users are self-registered, so would be local to the FAC DB.
all users are forced initially to authenticate with the FAC via the captive portal.
I am using Radius accounting as a source of SSO
thanks
B
Thanks Carl
If you are only using RADIUS Accounting, you shouldn't even need to enable this timeout as in theory, FAC should see a RADIUS Accounting Stop which we will use to clear the user login. If you do have it enabled, behavior will be down to the RADIUS Auth Client (i.e. the devices sending FAC the Accounting packets). If FAC sees regular RADIUS Interims, they will reset the expiry timer.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.