Hello, I am testing single sign-on, FSSO without agent, in FortiOS 5.0 on a FGT 60c unit. I have created 2 AD groups on the Windows DC: internet-full and internet-restricted, then I added users to these groups. I have put the AD user group in the FSSO user group, 1 group for full internet, 1 group for restricted internet. When I test with a 'full internet' user, named internet1, I see that this user is logged in the Fortigate:

----FSSO logons----
IP: 192.168.1.7 User: internet1 Groups: CN=internet1,CN=Users,DC=ubulin,DC=local
Total number of logons listed: 1, filtered: 0

I created appropriate policies that permit the 'full internet' FSSO group to access the internet. However, this user cannot browse the internet. When I select individual users (via User & Device, Authentication, Single Sign-On and then edit users/groups) and put these individual users in the FSSO group, then it works. But this is rather cumbersome, since I only want to have to add users in the Windows AD groups (by the onsite system engineer) without having to put them on the Fortigate unit also. Is this a bug in 5.0 (I don't have experience with SSO on Fortigates yet and started with version 5 especially because it is agentless) or is this the way it works?

Hello, I have the same problem with version 5.0.1-5.0.2. I hope that this problem will be fixed in version 5.0.3. In the first version of FortiOS 5.0 I could add a domain security group.
PS The second firewall with firmware 4.0 works without any problem.

Hi, The problem was solved in version 5.0.3 b1.