The Fine-grained Controls menu provides options to include or exclude a user or group from SSO, and set the maximum number of concurrent sessions that a user or group can have.
To adjust the controls, go to Fortinet SSO Methods > SSO > Fine-grained Controls.
The following options are available:
||Edit the selected user’s or group’s settings.
||Clear the SSO configuration for the selected users or groups.
|Exclude from SSO
||Select a user or users, then select Exclude from SSO to exclude them from SSO.
|Include in SSO
||Select a user or users, then select Include in SSO to include the selected users in SSO.
||Select the SSO type to view from the dropdown menu. The options are: Local Users, Local Groups, SSO Users, and SSO Groups.
||The users’ or groups’ names. Select the column title to sort the list by this column.
|Maximum Concurrent Sessions
||The maximum concurrent sessions allowed for the user or group. This number cannot be greater than five.
|Excluded from SSO
||If the user or group is excluded from SSO, a red circle with a line is displayed.
To edit an SSO user or group:
- In the Fine-grained Controls window, select the SSO user or group to edit then select Edit.
The Edit SSO Fine-grained Control Item window opens.
- Enter the maximum number of concurrent SSO logon sessions per user that the user or group is allowed to have. Enter 0 for unlimited. The value must be less than or equal to five.
- If the SSO item is a user, select Exclude from SSO and select either Do not affect current user when excluded user logs in or Logoff current user when excluded user logs in.
- Select OK to apply the changes.