atravel
New Contributor III

Will LDAP Group Filter Change Affect Active VPN Users?

I've made a change in our LDAP configuration by moving all users with current tokens to a new group CN=FW_VPN_Client_Users. I plan to manage VPN access by adding users to this group as needed.

Before I proceed further, I have a question regarding the 'Set Group Filter' option in our Fortinet setup:

If I adjust the group filter settings now, will it impact users who are currently logged into the VPN with valid tokens? In other words, will changing the filter settings disconnect or otherwise affect these active users?

I'm looking to understand whether these changes will apply only to new authentication requests or also to users who are already authenticated and actively using the VPN.

Any insights or experiences you can share would be greatly appreciated!

1 Solution
atravel
New Contributor III

Collaboration with the support team has clarified that enabling the 'Set Group Filter' feature in FortiAuthenticator will not impact current token assignments or VPN user access. This setting adjustment is part of our strategy for synchronizing user accounts more efficiently and optimizing license usage.

We have now implemented a process where users requiring a token are added to a designated security group within LDAP. This approach focuses the synchronization on a specific subset of users, thereby conserving user licenses and avoiding the unnecessary syncing of all users.


2 REPLIES
atravel
New Contributor III

I put in a support request. 
