Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nara
New Contributor

Created on ‎02-14-2025 02:54 AM

FortiProxy FSSO Implementation Challenge - User Object Definition

Hi All,

 

I am writing to inquire about a challenge I've encountered while implementing Fortinet Single Sign-On (FSSO) on my FortiProxy in a lab environment.

Current Setup

  • I have successfully integrated the FSSO Collector Agent in DC Agent mode with my Active Directory (AD) and Domain Controller (DC) servers.
  • However, when attempting to define a user object of FSSO type under the User Definition submenu, only AD Groups are generated. I am unable to select specific AD Users.

Questions

  1. Does the FSSO configuration on FortiProxy differ from that on FortiGate? On FortiGate, I can define FSSO users by selecting specific AD Users under User Definition. This does not appear to be the case with FortiProxy.
  2. If defining FSSO users by specific AD User is not possible on FortiProxy, how can I implement FSSO in FortiProxy policies? I have several proxy policies that require source addresses to be defined by specific AD Users.

 

I would appreciate any insights or guidance you can provide to resolve this issue.

Thank you for your time and assistance.

Sincerely,

Nara

Labels:
155
0 Kudos
2 REPLIES 2
rbraha
Staff
Staff

Created on ‎02-14-2025 08:49 AM

Hi @Nara 

 

You can specify user group info where this user is part in AD ,no need to import specific user as FSSO , check the guide below it might help.

 

https://docs.fortinet.com/document/fortiproxy/7.6.0/fortiproxy-authentication-guide/9081/using-singl...

135
Nara
New Contributor
In response to rbraha

Created on ‎02-14-2025 06:56 PM

Hi @rbraha ,

 

Thank you for your answer!

I need to create a user-specific policy. If I implement your suggestion, where the source object in the proxy policy is based on a user group in Active Directory, the proxy policy I create will affect all users in that group, whereas I only want it to affect one user. Is it possible for the source object to be a specific user with FSSO user type? Because when I check the User Definition configuration on Fortigate, we can define users specifically with the FSSO user type.

 

Sincerely,

Nara

104
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.