Hello everyone, and thanks for reading.
First of all, I wanted to say that I wanted to follow this schema:
I have an Active Directory server, a cluster of FortiGates and an EMS Cloud.
My main objective:
Permit remote users (employees working outside our network) with AD-integrated laptops to connect to the Forti SSL-VPN before login, and to have all policies loaded at the start of the session.
The remote user will turn on their laptop, enter their AD credentials to connect to the VPN, and enter their session to work as if they were inside the network.
After adding the AD user to the right AD group, they should automatically be able to connect to all the permitted resources.
As described in the schema, I made the connection between EMS Cloud and the AD server, using a Windows VM as an AD connector. It allows retrieving all laptop devices from the AD to install the product, or adding the AD users in EMS too.
Then, I made the connection between the FortiGate and EMS Cloud. I thought this connection:
1) Would permit the FortiGate to retrieve AD info through EMS, like users or groups, but it does not.
2) Would import all security profiles present on the FortiGate to the EMS Cloud, but it does not. I would have to import from the FortiGate manually to be able to retrieve them. The things shared between both are tags.
In my case, I just have the feeling that I have to make the connection between the FortiGate cluster and the AD server to set up what I want to do. Am I right?
I also wanted my AD users, after being put in the right AD group, to have the possibility to directly access what they have to access. But for the moment I've seen that I would have to add them manually as LDAP users in the FortiGate each time?
Many thanks for your help,
PS: A lot of questions in the same topic, but as everything is related, it's kind of a mess!
"I also wanted my AD users, after being put in the right AD group, to have the possibility to directly access what they have to access. But for the moment I've seen that I would have to add them manually as LDAP users in the FortiGate each time?"
This part I just succeeded in making work with an LDAP user group.
Thanks