sims
New Contributor III

fsso

Hi,

I have a couple of website and file sharing servers.

The website is integrated with Active Directory (LDAP).

If I implement FSSO, does it mean the users are not required to enter the username and password for other services like websites and file sharing once they log in to the PC (Active Directory credentials)?

Thanks

Heaven_Knows
New Contributor III

sims wrote:

Hi,

I have a couple of website and file sharing servers.

The website is integrated with Active Directory (LDAP).

If I implement FSSO, does it mean the users are not required to enter the username and password for other services like websites and file sharing once they log in to the PC (Active Directory credentials)?

Thanks

FSSO using Windows Active Directory allows domain users to bypass FortiGate firewall user/group authentication if they have already authenticated in that AD domain network. It means you log on to your Windows client PC and your username/group will be collected by FortiGate automatically; you don't have to enter it again to access internet resources based on the firewall policy user setup.

sims
New Contributor III

Hi,

 you don't have to enter it again to access internet resources based on firewall policy user setup

The above part I did not understand. Assume there is a policy for user abc@test.com for internet access.

The user logs in to the Windows client PC and he can access the internet. Where here is the scenario of entering the credentials again?

Thanks

 

Heaven_Knows
New Contributor III

sims wrote:

Hi,

 you don't have to enter it again to access internet resources based on firewall policy user setup

The above part I did not understand. Assume there is a policy for user abc@test.com for internet access.

The user logs in to the Windows client PC and he can access the internet. Where here is the scenario of entering the credentials again?

Thanks

Hi bro,

If the firewall policy is based on user/group to allow you to access the internet, then when you reach this policy, FortiGate will redirect you to a captive portal to enter authentication credentials. But if FSSO is implemented and you have logged on to your PC with AD credentials, it would not prompt for credentials again.

Hope this helps.

 

seshuganesh
Staff

Hi Team,

No, it's not that way.
FSSO cannot control what is happening at your website level.

It is simple: let's say any user session is passing through the firewall. If he is an authenticated user, meaning the firewall is able to recognize that user, the user will be able to access that specific session.

If the user is unauthenticated and the session matches a user-based firewall policy, then he will not be able to access the website.

It will make sure only authenticated users can pass through the firewall if you add users to the specific firewall policy under the source address field.
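
A simplified model of the behaviour described in this thread, added here as an illustration (it is not FortiGate code and not written by any poster). It shows the firewall's IP-to-user table being filled by the AD logon when FSSO is on, the captive-portal fallback when it is off, and the website's own login staying separate. Assumptions: all class and function names, the group names, the `guest@test.com` user and the 192.0.2.x addresses are constructed, and the website is assumed to use its own LDAP form login.

```python
from dataclasses import dataclass, field

@dataclass
class FirewallModel:
    """Simplified model of a user-based firewall policy (not FortiOS code)."""
    allowed_group: str                 # group named in the policy (constructed)
    fsso_enabled: bool
    identities: dict = field(default_factory=dict)  # source IP -> (user, groups)

    def ad_logon(self, ip, user, groups):
        # With FSSO, the Windows logon event populates the IP-to-user table.
        if self.fsso_enabled:
            self.identities[ip] = (user, frozenset(groups))

    def portal_login(self, ip, user, groups):
        # Without FSSO, the table is filled only after a captive-portal login.
        self.identities[ip] = (user, frozenset(groups))

    def decide(self, ip):
        if ip not in self.identities:
            return "captive-portal"    # unknown user: traffic held until login
        _user, groups = self.identities[ip]
        return "allow" if self.allowed_group in groups else "deny"

def browse(fw, ip, has_site_session=False):
    """Return (firewall decision, whether the website asks for its own login)."""
    decision = fw.decide(ip)
    # Assumption: the site's LDAP login is independent of the firewall's table.
    site_prompts = decision == "allow" and not has_site_session
    return decision, site_prompts

def demo():
    results = {}
    for fsso in (True, False):
        fw = FirewallModel("internet-users", fsso_enabled=fsso)
        fw.ad_logon("192.0.2.10", "abc@test.com", ["internet-users"])
        fw.ad_logon("192.0.2.11", "guest@test.com", ["guests"])
        results[fsso] = [browse(fw, "192.0.2.10"),   # user in the policy group
                         browse(fw, "192.0.2.11"),   # known user, wrong group
                         browse(fw, "192.0.2.99")]   # no logon seen for this IP
    return results

if __name__ == "__main__":
    for fsso, rows in demo().items():
        print("FSSO on: " if fsso else "FSSO off:", rows)
```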
