Authorized User Groups

Authorized User Groups displays OUs and user groups from all imported LDAP servers.

This page displays the following columns of information:

Column	Description
Domain Name	Group name.
Server IP	LDAP server IP address.
Last Synced	Time that EMS and the LDAP server last synchronized configurations.
Invitation Status	Whether an invitation was created for this user group.

Selecting a domain in the list displays the following columns of information:

Column	Description
Group Name	Group name.
Users	Number of users that belong to the group.
Group Status	Authorized (default)—If a group is authorized, its users can onboard to EMS as long as the user does not belong to any excluded groups. Excluded—If a group is excluded, its users are blocked from connecting and cannot onboard to EMS, even if the user also belongs to other authorized groups. Example: Assuming that we have two LDAP groups: Group A and Group B, both authorized with a shared user Adam. Adam can be verified and join the ForitClient EMS because he belongs to an authorized group but not any excluded groups. If you change the status of Group B to Excluded, Adam will not be able to be verified or join the FortiClient EMS any more even if Adam also belongs to Group A which is authorized.

Column

Description

Group Name

Group name.

Users

Number of users that belong to the group.

Group Status

Authorized (default)—If a group is authorized, its users can onboard to EMS as long as the user does not belong to any excluded groups.
Excluded—If a group is excluded, its users are blocked from connecting and cannot onboard to EMS, even if the user also belongs to other authorized groups.

Example:

Assuming that we have two LDAP groups: Group A and Group B, both authorized with a shared user Adam. Adam can be verified and join the ForitClient EMS because he belongs to an authorized group but not any excluded groups. If you change the status of Group B to Excluded, Adam will not be able to be verified or join the FortiClient EMS any more even if Adam also belongs to Group A which is authorized.

You can filter the list of groups by authorized or excluded, OUs or groups.

To authorize or exclude a group:

Go to User Management > Authorized User Groups.
Select the desired domain.
Select the desired group(s).
Click Authorize or Exclude.

Authorized User Groups

Authorized User Groups displays OUs and user groups from all imported LDAP servers.

This page displays the following columns of information:

Column	Description
Domain Name	Group name.
Server IP	LDAP server IP address.
Last Synced	Time that EMS and the LDAP server last synchronized configurations.
Invitation Status	Whether an invitation was created for this user group.

Selecting a domain in the list displays the following columns of information:

Column	Description
Group Name	Group name.
Users	Number of users that belong to the group.
Group Status	Authorized (default)—If a group is authorized, its users can onboard to EMS as long as the user does not belong to any excluded groups. Excluded—If a group is excluded, its users are blocked from connecting and cannot onboard to EMS, even if the user also belongs to other authorized groups. Example: Assuming that we have two LDAP groups: Group A and Group B, both authorized with a shared user Adam. Adam can be verified and join the ForitClient EMS because he belongs to an authorized group but not any excluded groups. If you change the status of Group B to Excluded, Adam will not be able to be verified or join the FortiClient EMS any more even if Adam also belongs to Group A which is authorized.

Column

Description

Group Name

Group name.

Users

Number of users that belong to the group.

Group Status

Authorized (default)—If a group is authorized, its users can onboard to EMS as long as the user does not belong to any excluded groups.
Excluded—If a group is excluded, its users are blocked from connecting and cannot onboard to EMS, even if the user also belongs to other authorized groups.

Example:

You can filter the list of groups by authorized or excluded, OUs or groups.

To authorize or exclude a group:

Go to User Management > Authorized User Groups.
Select the desired domain.
Select the desired group(s).
Click Authorize or Exclude.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

Administration Guide

Authorized User Groups

Authorized User Groups

To authorize or exclude a group:

Authorized User Groups

Authorized User Groups

To authorize or exclude a group: