This article illustrates how and why to use the FSSO Collector Agent ‘Ignore User List’ option.
In principle, FSSO Collector Agents capture all (user) account logins generated on monitored Domain Controllers, whether in polling mode or DC Agent mode. This includes service accounts and admin accounts as well.
In addition, FSSO only accounts for one user per IP (except for terminal servers and the specific Terminal Server Agent), and the Collector Agent will overwrite an existing login on an IP if another login event on the same IP is observed.
This means, for FSSO to work as expected, it is necessary to exclude certain accounts to prevent login information from being overwritten. Generally, service accounts and some admin accounts need to be excluded to prevent them from overwriting valid user logins when a login event is triggered by a service account or admin. FSSO Collector Agent provides the ‘Ignore User List’ option for this purpose.
To configure the Ignore User List:
1) From the Start menu, select Programs -> Fortinet -> Fortinet Single Sign On Agent and configure Fortinet Single Sign On Agent.
2) In the Common Tasks section, select 'Set Ignore User List'. The current list of ignored users is displayed: