Pros and cons of Fortinet Single Sign On implementation?

SoRealCru · ‎05-14-2018

Hi everyone!

I'm deciding whether or not to implement FSSO to our existing environment but aren't quite sure why we would do that? What are the pro's and cons and also what does it add to an environment?

Thanks in advance

Lennert

emnoc · ‎05-14-2018

Pro works great

Con, does not satisfy any non MS-domain device. I don't know how you can monitor multiple Domains and multiple FSSO agent in a multi-domain environment

Ken Felix

PCNSE

NSE

StrongSwan

Fishbone_FTNT · ‎05-23-2018

Hi,

multi-domain is more complex to install and configure properly, but it is supported too.

It depends if it's a domain forest or distinct domains with trusts only.

I can't be really comprehensive here (it would be very long writing), so if you have any concerns regarding multi-domain FSSO, let me know your domain setup and I will try to respond with some notes.

Non-domain devices+domain users can be authenticated by other means (portal, other device) and imported into FSSO ie with Radius Accounting (which can be processed on FSSO CA).

If you have more complex non-domain environment, you can consider to use FAC with number of techniques of logging in user and push it via FSSO into Fortigate. FAC is very strong at this (I wouldn't use it for FSSO itself, though -- requires licensing + my personal preference is standalone FSSO CA).

Regards,

Fishbone)(

smithproxy hacker - www.smithproxy.org

Pros and cons of Fortinet Single Sign On implementation?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website