Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config user fsso

Configure Fortinet Single Sign On (FSSO) agents.

config user fsso

Description: Configure Fortinet Single Sign On (FSSO) agents.

edit <name>

set type [default|fortiems|...]

set server {string}

set port {integer}

set password {password}

set server2 {string}

set port2 {integer}

set password2 {password}

set server3 {string}

set port3 {integer}

set password3 {password}

set server4 {string}

set port4 {integer}

set password4 {password}

set server5 {string}

set port5 {integer}

set password5 {password}

set ldap-server {string}

set group-poll-interval {integer}

set ldap-poll [enable|disable]

set ldap-poll-interval {integer}

set ldap-poll-filter {string}

set user-info-server {string}

set ssl [enable|disable]

set ssl-trusted-cert {string}

set source-ip {ipv4-address}

set source-ip6 {ipv6-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

next

end

config user fsso

Parameter

Description

Type

Size

type

Server type.

option

-

 

Option

Description

default

All other unspecified types of servers.

fortiems

FortiClient EMS server.

fortinac

FortiNAC server.

fortiems-cloud

FortiClient EMS Cloud server.

server

Domain name or IP address of the first FSSO collector agent.

string

Maximum length: 63

port

Port of the first FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password

Password of the first FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server2

Domain name or IP address of the second FSSO collector agent.

string

Maximum length: 63

port2

Port of the second FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password2

Password of the second FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server3

Domain name or IP address of the third FSSO collector agent.

string

Maximum length: 63

port3

Port of the third FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password3

Password of the third FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server4

Domain name or IP address of the fourth FSSO collector agent.

string

Maximum length: 63

port4

Port of the fourth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password4

Password of the fourth FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server5

Domain name or IP address of the fifth FSSO collector agent.

string

Maximum length: 63

port5

Port of the fifth FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

integer

Minimum value: 1 Maximum value: 65535

password5

Password of the fifth FSSO collector agent.

password

Not Specified

ldap-server

LDAP server to get group information.

string

Maximum length: 35

group-poll-interval

Interval in minutes within to fetch groups from FSSO server, or unset to disable.

integer

Minimum value: 1 Maximum value: 2880

ldap-poll

Enable/disable automatic fetching of groups from LDAP server.

option

-

 

Option

Description

enable

Enable automatic fetching of groups from LDAP server.

disable

Disable automatic fetching of groups from LDAP server.

ldap-poll-interval

Interval in minutes within to fetch groups from LDAP server.

integer

Minimum value: 1 Maximum value: 2880

ldap-poll-filter

Filter used to fetch groups.

string

Maximum length: 2047

user-info-server

LDAP server to get user information.

string

Maximum length: 35

ssl

Enable/disable use of SSL.

option

-

 

Option

Description

enable

Enable use of SSL.

disable

Disable use of SSL.

ssl-trusted-cert

Trusted server certificate or CA certificate.

string

Maximum length: 79

source-ip

Source IP for communications to FSSO agent.

ipv4-address

Not Specified

source-ip6

IPv6 source for communications to FSSO agent.

ipv6-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config user fsso

Configure Fortinet Single Sign On (FSSO) agents.

config user fsso

Description: Configure Fortinet Single Sign On (FSSO) agents.

edit <name>

set type [default|fortiems|...]

set server {string}

set port {integer}

set password {password}

set server2 {string}

set port2 {integer}

set password2 {password}

set server3 {string}

set port3 {integer}

set password3 {password}

set server4 {string}

set port4 {integer}

set password4 {password}

set server5 {string}

set port5 {integer}

set password5 {password}

set ldap-server {string}

set group-poll-interval {integer}

set ldap-poll [enable|disable]

set ldap-poll-interval {integer}

set ldap-poll-filter {string}

set user-info-server {string}

set ssl [enable|disable]

set ssl-trusted-cert {string}

set source-ip {ipv4-address}

set source-ip6 {ipv6-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

next

end

config user fsso

Parameter

Description

Type

Size

type

Server type.

option

-

 

Option

Description

default

All other unspecified types of servers.

fortiems

FortiClient EMS server.

fortinac

FortiNAC server.

fortiems-cloud

FortiClient EMS Cloud server.

server

Domain name or IP address of the first FSSO collector agent.

string

Maximum length: 63

port

Port of the first FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password

Password of the first FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server2

Domain name or IP address of the second FSSO collector agent.

string

Maximum length: 63

port2

Port of the second FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password2

Password of the second FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server3

Domain name or IP address of the third FSSO collector agent.

string

Maximum length: 63

port3

Port of the third FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password3

Password of the third FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server4

Domain name or IP address of the fourth FSSO collector agent.

string

Maximum length: 63

port4

Port of the fourth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

password4

Password of the fourth FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

password

Not Specified

server5

Domain name or IP address of the fifth FSSO collector agent.

string

Maximum length: 63

port5

Port of the fifth FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length.

integer

Minimum value: 1 Maximum value: 65535

password5

Password of the fifth FSSO collector agent.

password

Not Specified

ldap-server

LDAP server to get group information.

string

Maximum length: 35

group-poll-interval

Interval in minutes within to fetch groups from FSSO server, or unset to disable.

integer

Minimum value: 1 Maximum value: 2880

ldap-poll

Enable/disable automatic fetching of groups from LDAP server.

option

-

 

Option

Description

enable

Enable automatic fetching of groups from LDAP server.

disable

Disable automatic fetching of groups from LDAP server.

ldap-poll-interval

Interval in minutes within to fetch groups from LDAP server.

integer

Minimum value: 1 Maximum value: 2880

ldap-poll-filter

Filter used to fetch groups.

string

Maximum length: 2047

user-info-server

LDAP server to get user information.

string

Maximum length: 35

ssl

Enable/disable use of SSL.

option

-

 

Option

Description

enable

Enable use of SSL.

disable

Disable use of SSL.

ssl-trusted-cert

Trusted server certificate or CA certificate.

string

Maximum length: 79

source-ip

Source IP for communications to FSSO agent.

ipv4-address

Not Specified

source-ip6

IPv6 source for communications to FSSO agent.

ipv6-address

Not Specified

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15