mantaransingh_FTNT
Article Id 195147

Description.

 

This article explains how to apply a Group Filter to LDAP Remote Authentication to limit admin login access to FortiAnalyzer or FortiManager to members of specific AD groups.

 

 


Expectations, Requirements

 

Objective:

Only users who are members of AD groups defined in the group filter can get admin access to Forti
Users from other AD groups do not get access.


Configuration

 

1. Active Directory configuration
 
AD groups and users

‘TestGroup1’ has member ‘group1user’
‘TestGroup2’ has member ‘group2user’

 
2. FortiAnalyzer/FortiManager configuration of LDAP server with group filter
 
For the group filter, enter the DN value of the group.
DN of 'testgroup1': "cn=testgroup1,dc=mydomain01,dc=local"
 
 

 
Administrator


Verification

 

- Login with ‘group1user’ succeeds


 

 

- Login with ‘group2user’ fails
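
The following Python script is an added example, not part of the original article and not Fortinet code. It models the outcome the group filter should produce for constructed directory entries, so the set of accounts expected to pass can be reviewed before login tests. The sample memberOf values, the user 'nogroupuser' and all function names are assumptions; DNs are compared case-insensitively, as Active Directory does, and only direct memberOf values are checked (nested groups are not modeled).

```python
GROUP_FILTER_DN = "cn=testgroup1,dc=mydomain01,dc=local"  # DN from the article

# Constructed sample data: user -> memberOf values as an AD export might show
# them. "nogroupuser" and the casing/spacing variations are assumptions.
SAMPLE_USERS = {
    "group1user": ["CN=TestGroup1, DC=mydomain01, DC=local"],
    "group2user": ["CN=TestGroup2,DC=mydomain01,DC=local"],
    "nogroupuser": [],
}

def split_rdns(dn):
    """Split a DN on commas, leaving backslash-escaped commas inside values."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def normalize_dn(dn):
    """Return a comparable form: lower-cased (attribute, value) pairs."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in DN {dn!r}")
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return tuple(pairs)

def passes_group_filter(member_of, filter_dn=GROUP_FILTER_DN):
    """True if any direct memberOf value equals the filter DN."""
    wanted = normalize_dn(filter_dn)
    return any(normalize_dn(dn) == wanted for dn in member_of)

def audit(users, filter_dn=GROUP_FILTER_DN):
    """Map each user to the login outcome the group filter should produce."""
    return {u: passes_group_filter(groups, filter_dn) for u, groups in users.items()}

if __name__ == "__main__":
    for user, allowed in audit(SAMPLE_USERS).items():
        print(f"{user}: {'admin login expected' if allowed else 'login should fail'}")
```
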

 

To troubleshoot:

 

# diagnose debug application auth 25
# diagnose debug enable