Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
abc
New Contributor

ZTNA tags active directory group

Hi All,

We have been doing more and more work with ZTNA tagging but have stumbled across an issue.

EMS 7.0.3

Forti OS 7.0.5

When using active directory group tags we are finding they do not apply. For an example, we would like to tag any users that are members of an ad Group called "Workstation Admins"

In EMS we are able to find the AD group fine and create the tag rule

workstation Admins.png

When we login to a workstation with fortclient installed as a user that is a member of the above group the tag does not show / get detected

endpoint_tags.png

If we use a generic AD group like domain users, the tag pops straight away

domain users.pngendpoint_tags_wksadmins.png

 

Any ideas would be appreciated

3 REPLIES 3
Anonymous
Not applicable

Hello @abc ,
 
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
 
Thanks,
abc
New Contributor

Thanks, look forward to an update.

peisenberg
Staff
Staff

Hi
Did you tried to reboot endpoint ? 
Also I believe user group need to be type security group
Please note there is a bug reported for this feature so please check with TAC it might require more troubleshooting
thanks
Pavol Eisenberg

TAC
Labels
Top Kudoed Authors