1. Integrating the FortiGate with the Windows DC LDAP server

Go to User & Device > LDAP Servers and configure an LDAP server that points at the Windows domain controller. Use a dedicated read-only bind account rather than the domain administrator, and use LDAPS where possible so that the bind credentials do not cross the network in clear text. In Advanced access mode (selected in step 2) the FortiGate uses this LDAP server to resolve group membership, so the bind account must be able to read the users and groups you intend to monitor.
2. Installing FSSO agent on the Windows DC server

Run the installer, accept the license, and follow the wizard.
Enter the Windows AD administrator password when prompted.

Select the Advanced access method. Advanced mode reports group membership in LDAP DN format (for example CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL), which is what lets the FortiGate match users against groups through the LDAP server configured in step 1.

In the Collector Agent IP address field, enter the IP address of the Windows AD server. In this example the collector agent runs on the domain controller itself.

Select the domain you wish to monitor.

Next, select the users you do not wish to monitor (service accounts and other non-interactive accounts are typical candidates).

Under Working Mode, select DC Agent Mode.

Reboot the Domain Controller.

Upon reboot, the collector agent will start up.
Select Require authenticated connection from FortiGate and set a Password. Without this option the FortiGate connection to the collector is unauthenticated; with it, the same password must be entered on the FortiGate when the SSO server is created in step 3.
3. Configuring Single Sign-On on the FortiGate

Go to User & Device > Single Sign-On and create a new SSO server of type Fortinet Single Sign-On Agent. Enter the IP address of the collector agent, the password you set on the collector in step 2, and select the LDAP server created in step 1.
Under the Groups tab, select the user groups to be monitored. In this example, the "FortiOS Writers" group is used.
4. Adding a user group to the FortiGate

Go to User & Device > User Groups and create a new user group named "FortiOS_Writers" with Type set to Fortinet Single Sign-On (FSSO).
Under Members, select the "FortiOS Writers" group.
5. Adding a policy to the FortiGate

Go to Policy & Objects > IPv4 Policy and create a policy allowing the "FortiOS_Writers" group to reach the Internet, with the appropriate security profiles enabled.
The default Web Filter security profile is used in this example. Enable logging of all sessions on the policy so that the results in step 6 can be checked in the traffic log.
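The same FortiGate-side configuration (steps 1, 3, 4 and 5) expressed as FortiOS CLI, added here as a worked example; it is not part of the original cookbook. Values taken from the page are the domain controller and collector agent at 10.10.20.3, the TECHDOC.LOCAL domain, the AD group "FortiOS Writers" and the FortiGate group "FortiOS_Writers". The object names, the interface names internal and wan1, the bind account svc-fortigate and both placeholder passwords are assumptions for illustration. Step 2 (the collector agent installer on the DC) has no CLI equivalent and is omitted.

```text
# Added example (assumed names and placeholder passwords, not from the original page).

# Step 1: LDAP server on the DC. LDAPS on 636 so the bind password is not sent in
# clear text; import the domain CA under System > Certificates and reference it
# with "set ca-cert" so the server certificate is actually validated.
config user ldap
    edit "TECHDOC-DC"
        set server "10.10.20.3"
        set port 636
        set secure ldaps
        set cnid "sAMAccountName"
        set dn "DC=TECHDOC,DC=LOCAL"
        set type regular
        set username "CN=svc-fortigate,CN=Users,DC=TECHDOC,DC=LOCAL"
        set password "BindPasswordHere"
    next
end

# Step 3: FSSO collector agent. The password must match the one set under
# "Require authenticated connection from FortiGate" on the collector (TCP 8000).
# ldap-server is what Advanced mode uses to resolve group membership.
config user fsso
    edit "FSSO-TECHDOC"
        set server "10.10.20.3"
        set port 8000
        set password "CollectorPasswordHere"
        set ldap-server "TECHDOC-DC"
    next
end

# Step 4: FSSO user group mapped to the AD group, in the DN form the agent reports.
config user group
    edit "FortiOS_Writers"
        set group-type fsso-service
        set member "CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL"
    next
end

# Step 5: identity-based policy; "edit 0" lets FortiOS assign the next free ID.
# Logging all sessions is what makes the Forward Traffic check in the Results
# section meaningful.
config firewall policy
    edit 0
        set name "FSSO_Writers_Internet"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "FortiOS_Writers"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "default"
        set logtraffic all
        set nat enable
    next
end

# Checks: collector connectivity first, then the logon list shown in the Results section.
diagnose debug authd fsso server-status
diagnose debug authd fsso list
```

The first diagnose command should show the collector agent as connected before any logons are expected to appear; if it does not, the usual causes are a password mismatch with the collector, or TCP 8000 between the FortiGate and the DC being blocked.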
6. Results

Have users log on to the domain, then open the FSSO collector agent on the DC and select Show Logon Users to confirm that the agent has recorded their logons.
From the FortiGate, go to Dashboard, open the CLI Console widget, and type this command for more detail about current FSSO logons:

diagnose debug authd fsso list

----FSSO logons----
IP: 10.10.20.3  User: ADMINISTRATOR  Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL  Workstation: WIN2K8R2.TECHDOC.LOCAL  MemberOf: FortiOS_Writers
IP: 10.10.20.7  User: TELBAR  Groups: CN=FORTIOS WRITERS,CN=USERS,DC=TECHDOC,DC=LOCAL  Workstation: TELBAR-PC7.TECHDOC.LOCAL  MemberOf: FortiOS_Writers
Total number of logons listed: 2, filtered: 0
----end of FSSO logons----

The Groups field is the DN reported by the collector agent; the MemberOf field shows the FortiGate user group it was matched to. A logon that lists Groups but no MemberOf means the DN does not match any member of an FSSO user group on the FortiGate.
From the FortiGate, go to Monitor > Firewall User Monitor and verify FSSO Logons.
Have users go to the Internet and the security profiles will be applied accordingly.
Go to Log & Report > Forward Traffic to verify the log.

Select an entry for details; the user and group fields of the log entry show which FSSO user and group matched the policy.