To manage SSO users and groups, go to Fortinet SSO Methods > SSO > SSO Users or SSO Groups.
The following options are available:
In the Create New SSO User or Create New SSO Group window, enter a name for the user or group, then select OK.
|Import||Import SSO users or groups from a remote LDAP server.|
|Delete||Delete the selected users or groups.|
|Edit||Edit the selected user or group.|
|Name||The SSO user or group names.|
|Created/Imported||Displays whether or not the user or user group was created or imported.|
FortiAuthenticator SSO user groups cannot be used directly in a security policy on a FortiGate device. An FSSO user group must be created on the FortiGate unit, then the FortiAuthenticator SSO groups must be added to it. FortiGate FSSO user groups are available for selection in identity-based security policies. See the FortiOS Handbook for more information.
- In the SSO Users or SSO Groups list, select Import.
- In the Import SSO Users or Import SSO Groups window, select whether to import the DN or Username, and select a remote LDAP server from the Remote LDAP Server dropdown menu, then select Browse.
- In the Import SSO Groups window, select a remote LDAP server from the Remote LDAP Server dropdown menu and select Browse. Alternatively, select Azure ADFS and specify the Graph API Service Root, Client ID, and Client key.
An LDAP server must already be configured to select it in the dropdown menu. See LDAP service for more information on adding a remote LDAP server.
The Import SSO Users or Import SSO Groups window opens in a new browser window.
- Optionally, enter a Filter string to reduce the number of entries returned, and then select Apply, or select Clear to clear the filters.
- The default configuration imports the attributes commonly associated with Microsoft Active Directory LDAP implementations. Select Configure user attributes to edit the remote LDAP user mapping attributes.
- Select the entries you want to import.
- Optionally, select an organization from the Organization drop-down to associated the imported users with a specific organization. See Organizations.
- Select OK to import the users or groups.
uid=j* returns only user IDs beginning with “j”.
Selecting the field, FirstName for example, presents a list of attributes which have been detected and can be selected. This list is not exhaustive; other non-displayed attributes may be available for import. Consult your LDAP administrator for a list of available attributes.