Created on
06-07-2016
05:24 AM
Edited on
05-10-2023
01:16 AM
By
Jean-Philippe_P
Description
This article illustrates how and why to use the FSSO Collector Agent ‘Ignore User List’ option.
Solution
In principle, FSSO Collector Agents capture all (user) account logins generated on monitored Domain Controllers, whether in polling mode or DC Agent mode. This includes service accounts and admin accounts as well.
In addition, FSSO only accounts for one user per IP (except for terminal servers and the specific Terminal Server Agent), and the Collector Agent will overwrite an existing login on an IP if another login event on the same IP is observed.
This means, for FSSO to work as expected, it is necessary to exclude certain accounts to prevent login information from being overwritten. Generally, service accounts and some admin accounts need to be excluded to prevent them from overwriting valid user logins when a login event is triggered by a service account or admin. FSSO Collector Agent provides the ‘Ignore User List’ option for this purpose.
To configure the Ignore User List:
1) From the Start menu, select Programs -> Fortinet -> Fortinet Single Sign On Agent and configure Fortinet Single Sign On Agent.
2) In the Common Tasks section, select 'Set Ignore User List'. The current list of ignored users is displayed:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.