Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

User Authentication on Fortinet

I am using FortiGate 1000C and i have users our the network which browse internet after successfully authentication ..actually we have applied different policies on different groups .Some user share their username / passwords with their so the other one can access the websites/applications.We want to active the user at only one workstation rather than it'll have sessions on different 

If some other uses the same credentials .it shouldn't be login.


It is possible to set the "Maximum concurrent user sessions" to 1 under Fortinet SSO Methods > SSO > General, however on second login, it will invalidate the first (not prevent the second).  Enforcing a single session would cause problems when a user legitimately moves from one device to another (and a logoff is not detected from the first session).


This sounds more like a need for user training on the organisation acceptable use policy as nobody should ever share their password as they will become liable for the actions of others. 


Dr. Carl Windsor Field Chief Technology Officer Fortinet


Hi carl

Yes you are right we've the policy but no strict,thats why user are sharing passwords


One more thing i want to know if i apply SSO method how it'll affect the existing authentication that is LDAP servers





Hello Imran,

there is no direct impact or interference between authentication methods.The one defined by used firewall policy will be used.

I would not suggest to use two different (SSO and LDAP) based authentication user groups in a single policy, but rather use automatic fall through (FortiOS 5.2 and later), or explicitly stated fall-through on older FortiOS (4.3-5.0), and have two consecutive identity based policies. First with FSSO (passive auth, no user input needed) and second one with active method like LDAP captive portal.

Even NTLM can be used as 'passive' method if set properly on FortiGate and workstations.


Best regards,


Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

Top Kudoed Authors