Hi,
I have couple of website and file sharing servers .
the website is integrated to active directory (ldap)
if I implement fsso , does it mean the users does not require to enter the username and password for other services like websites and filesharing once they login to the pc (active directory credentials )
Thanks
Solved! Go to Solution.
sims wrote:fsso using windows active directory allow domain user to bypass fortigate firewall user/group authentication if they already authenticated in that AD domain network. It means, you logon your windows client PC and your username/group will be collected by fortigate automatically , you dont have to enter it again to access internet resource base on firewall policy user setup.Hi,
I have couple of website and file sharing servers .
the website is integrated to active directory (ldap)
if I implement fsso , does it mean the users does not require to enter the username and password for other services like websites and filesharing once they login to the pc (active directory credentials )
Thanks
sims wrote:fsso using windows active directory allow domain user to bypass fortigate firewall user/group authentication if they already authenticated in that AD domain network. It means, you logon your windows client PC and your username/group will be collected by fortigate automatically , you dont have to enter it again to access internet resource base on firewall policy user setup.Hi,
I have couple of website and file sharing servers .
the website is integrated to active directory (ldap)
if I implement fsso , does it mean the users does not require to enter the username and password for other services like websites and filesharing once they login to the pc (active directory credentials )
Thanks
Hi,
you don't have to enter it again to access internet resources based on firewall policy user setup
The above part I did not understand. Assume there is a policy for user abc@test.com for internet accesing
The user login to the windows client pc and he can access the internet. Here where is the scenario of enteringing the
credentials again
Thanks
sims wrote:hi broHi,
you don't have to enter it again to access internet resources based on firewall policy user setup
The above part I did not understand. Assume there is a policy for user abc@test.com for internet accesing
The user login to the windows client pc and he can access the internet. Here where is the scenario of enteringing the
credentials again
Thanks
if the firewall policy base on user/group to allow you to access to the internet, when you reach this policy, fortigate will redirect you to captive portal to enter authentication credential, but if fsso is implement and you have logged on to your PC with AD credential, it would not prompt for credential again.
hope this help
Hi Team,
No its not that way.
FSSO cannot control what is happening at your website level.
It is simple, lets day if any user session passing through the firewall, if he is authenticated user means if firewall is able to recongnize that user, user can be able to access to access that specific session.
If the user is unauthenticated, and if the session is matching user based firewall policy then he will not be able to access the website.
It will make sure only the authenticated users can pass through the firewall if you add users in the specific firewall policy under source address field
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.