FortiAuthenticator can monitor the units that make up FSSO. This is useful to ensure there is a connection to the different components when troubleshooting.
To monitor SSO domains, go to Monitor > SSO > Domains. Select Refresh to refresh the domain list. Select Expand All to expand all of the listed domains, or Collapse All to collapse the view.
All configured domain controllers appear in the domain list. Each domain controller is displayed in:
- green if the last connection attempt was successful.
- gray if no recent connection information is available.
- red if the last connection attempt failed.
Hold the pointer over a domain controller to view the status of the last LDAP query, how long ago it was, and the LDAP query's response time in milliseconds (ms). This response time shows a warning icon if the highest recent response time is above 500 ms.
In addition, you can click the domain controller entry to view statistics for the 100 most recent LDAP queries.
The listed response times are color-coded as follows: green for less than 500 ms, orange for between 500 and 1000 ms, and red for 1000 ms or more.
To monitor SSO sessions, go to Monitor > SSO > SSO Sessions. Users can be manually logged off if required.
The following information is available:
- Refresh the SSO sessions list.
- Log off all of the connected users.
- Log off only the selected users.
- Enter a search term in the search field, then select Search to search the SSO sessions list.
- Filter the SSO session list by the source of the connection and/or by Domain Group. To view SSO sessions not associated with any configured domain grouping, select Default.
- When the session was started.
- When the session was last updated.
- The workstation that the user is using.
- The IP address of the workstation.
- The domain group to which the domain belongs.
- The domain to which the user belongs.
- The username of the user.
- The source of the connection.
- The group to which the user belongs.
Windows event log sources
Windows event log sources can be viewed by going to Monitor > SSO > Windows Event Log Sources.
The sources list can be refreshed by selecting Refresh, and searched using the search field.
The list shows the total number of events, as well as the most recent event.
FortiGate units that are registered with FortiAuthenticator can be viewed at Monitor > SSO > FortiGates.
The list can be refreshed by selecting Refresh and searched using the search field. The list shows the connection time of each device, as well as its IP address and serial number.
User authentication events are logged in the FortiGate event log. See the FortiGate Handbook for more information.
Domain controller (DC) agents and terminal server (TS) agents that are registered with FortiAuthenticator can be viewed at Monitor > SSO > DC/TS Agents.
The list can be refreshed by selecting Refresh and searched using the search field.
The list shows the server name of each agent, as well as its IP address, its agent type, last connection time, connection status, and the number of logged-on users.
Dumped NTLM statistics can be viewed at Monitor > SSO > NTLM Statistics.
The statistics can be refreshed and cleared by selecting Refresh and Clear respectively.