I am using a FortiGate 1000C and I have users on our network who browse the internet after successful authentication. We have applied different policies to different groups. Some users share their usernames/passwords with their so the other one can access the websites/applications. We want the user to be active at only one workstation rather than having sessions on different
If some other user uses the same credentials, the login shouldn't be allowed.
It is possible to set the "Maximum concurrent user sessions" to 1 under Fortinet SSO Methods > SSO > General, however on second login, it will invalidate the first (not prevent the second). Enforcing a single session would cause problems when a user legitimately moves from one device to another (and a logoff is not detected from the first session).
This sounds more like a need for user training on the organisation acceptable use policy as nobody should ever share their password as they will become liable for the actions of others.
Dr. Carl Windsor Field Chief Technology Officer Fortinet
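An added example (not from the thread and not Fortinet code) that replays constructed login events under the "second login invalidates the first" behaviour described above and flags accounts whose sessions are evicted repeatedly, a pattern consistent with shared credentials rather than one legitimate device move. The event tuples, function names and thresholds are assumptions, not a FortiGate or FortiAuthenticator log format.

```python
from collections import defaultdict

# Constructed sample events (hypothetical format, not real device logs):
# (seconds since start, user, workstation IP, action)
EVENTS = [
    (0,    "alice", "10.0.1.10", "login"),
    (60,   "bob",   "10.0.1.20", "login"),
    (300,  "alice", "10.0.2.55", "login"),   # evicts 10.0.1.10
    (320,  "alice", "10.0.1.10", "login"),   # evicts 10.0.2.55 (flapping)
    (340,  "alice", "10.0.2.55", "login"),   # evicts 10.0.1.10 again
    (900,  "bob",   "10.0.1.20", "logoff"),
    (1000, "bob",   "10.0.3.30", "login"),   # clean move, no eviction
]

def replay(events, max_sessions=1):
    """Replay events with 'newest login wins' semantics; return evictions."""
    active = defaultdict(list)   # user -> [(ip, login_time)], oldest first
    evictions = []
    for ts, user, ip, action in sorted(events):
        sessions = active[user]
        if action == "logoff":
            active[user] = [s for s in sessions if s[0] != ip]
            continue
        # A re-login from the same workstation refreshes that session.
        sessions[:] = [s for s in sessions if s[0] != ip]
        sessions.append((ip, ts))
        while len(sessions) > max_sessions:
            old_ip, old_ts = sessions.pop(0)   # the older session is invalidated
            evictions.append((ts, user, old_ip, ip, ts - old_ts))
    return evictions

def sharing_suspects(evictions, window=600, threshold=2):
    """Users with at least `threshold` evictions inside `window` seconds."""
    by_user = defaultdict(list)
    for ts, user, *_ in evictions:
        by_user[user].append(ts)
    suspects = set()
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                suspects.add(user)
    return suspects

if __name__ == "__main__":
    ev = replay(EVENTS)
    print(ev, sharing_suspects(ev))
```

A single eviction matches the legitimate "moved to another device without logging off" case from the reply; repeated evictions between the same workstations in a short window are the ones worth following up.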
Hi Carl,
Yes, you are right, we have the policy but it is not strict; that's why users are sharing passwords.
One more thing I want to know: if I apply the SSO method, how will it affect the existing authentication, that is, the LDAP servers?
Thanks
Imran
Hello Imran,
there is no direct impact or interference between authentication methods. The one defined by the firewall policy in use will be used.
I would not suggest using two different (SSO and LDAP) based authentication user groups in a single policy, but rather use automatic fall-through (FortiOS 5.2 and later), or explicitly stated fall-through on older FortiOS (4.3-5.0), and have two consecutive identity-based policies: the first with FSSO (passive auth, no user input needed) and the second one with an active method like LDAP captive portal.
Even NTLM can be used as a 'passive' method if set properly on FortiGate and workstations.
Best regards,
Tomas
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff