Agent-based FSSO for Windows AD (Fortinet Documentation Library). FortiOS can provide single sign-on capabilities to Windows AD, Citrix, or Novell eDirectory users with the help of agent software installed on these networks. To install FSSO agent-based authentication, download the software from the Fortinet Service and Support web portal. The FSSO software can obtain this information by polling the AD domain controllers or by using an FSSO agent on each AD domain controller that monitors user logons in real time. Connect to the Windows AD server and download the FSSO agent from Fortinet Support. This method does not require any additional software components, and all the configuration can be done on the FortiGate. Each firmware version is released together with a corresponding agent version. The agent software sends information about user logons to the FortiGate unit.
FortiManager needs access to the LDAP server to define FSSO groups. Configuring FSSO on the FortiGate (Fortinet Documentation Library). In this recipe, you use agent-based Fortinet Single Sign-On (FSSO) to allow users to log in to the network once with their Windows AD credentials and seamlessly. On a Windows AD network, the FSSO software can also serve NT LAN Manager (NTLM) requests coming from client browsers forwarded by the FortiGate unit.
FSSO polling connector agent installation (Fortinet documentation). You can create SSO/Identity connectors for Fortinet Single Sign-On (FSSO) agents. Overview: FortiAuthenticator is designed specifically to provide authentication services for firewalls, SSL and IPsec VPNs, wireless access points, switches, routers, and servers. FortiOS can provide single sign-on capabilities to Windows AD, Citrix, VMware Horizon, Novell eDirectory, or, as of FortiOS 5. The main difference between advanced and standard mode is.
FortiGate reduces complexity with automated visibility into applications, users, and network. Your FortiGate displays information retrieved from the AD server. FSSO software installed on a Windows AD network monitors user logons and sends the required information to the FortiGate unit. Active Directory groups in identity-based firewall policy.
Enter a group name and set Type to Fortinet Single Sign-On (FSSO). In the SSO/Identity section, click Fortinet Single Sign-On Agent. Downloading FSSO agent software (Fortinet Knowledge Base). Setting up your FortiGate for FSSO (Fortinet Documentation Library). Installing the FSSO agent (Fortinet Documentation Library). Enter a name, set Type to Fortinet Single Sign-On (FSSO), and add the FSSO group as one of the members. When using this setup, it is recommended to position the FortiGate physically close to the CA server and LDAP server when advanced mode is used so latency is low. Fill in the name, and the primary FSSO agent server IP address or name and password. Creating FSSO connectors (Fortinet Documentation Library). In this recipe, you use agent-based Fortinet Single Sign-On (FSSO) to allow users to log in to the network once with their Windows AD credentials and seamlessly access all appropriate network resources.