Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config user fsso

Configure Fortinet Single Sign On (FSSO) agents.

config user fsso

Description: Configure Fortinet Single Sign On (FSSO) agents.

edit <name>

set type [default|fortinac]

set server {string}

set port {integer}

set password {password}

set server2 {string}

set port2 {integer}

set password2 {password}

set server3 {string}

set port3 {integer}

set password3 {password}

set server4 {string}

set port4 {integer}

set password4 {password}

set server5 {string}

set port5 {integer}

set password5 {password}

set ldap-server {string}

set group-poll-interval {integer}

set ldap-poll [enable|disable]

set ldap-poll-interval {integer}

set ldap-poll-filter {string}

set user-info-server {string}

set ssl [enable|disable]

set ssl-trusted-cert {string}

set source-ip {ipv4-address}

set source-ip6 {ipv6-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

next

end

config user fsso

Parameter

Description

Type

Size

Default

type

Server type.

option

-

default

 

Option

Description

default

All other unspecified types of servers.

fortinac

FortiNAC server.

server

Domain name or IP address of the first FSSO collector agent.

string

Maximum length: 63

port

Port of the first FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password

Password of the first FSSO collector agent.

password

Not Specified

server2

Domain name or IP address of the second FSSO collector agent.

string

Maximum length: 63

port2

Port of the second FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password2

Password of the second FSSO collector agent.

password

Not Specified

server3

Domain name or IP address of the third FSSO collector agent.

string

Maximum length: 63

port3

Port of the third FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password3

Password of the third FSSO collector agent.

password

Not Specified

server4

Domain name or IP address of the fourth FSSO collector agent.

string

Maximum length: 63

port4

Port of the fourth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password4

Password of the fourth FSSO collector agent.

password

Not Specified

server5

Domain name or IP address of the fifth FSSO collector agent.

string

Maximum length: 63

port5

Port of the fifth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password5

Password of the fifth FSSO collector agent.

password

Not Specified

ldap-server

LDAP server to get group information.

string

Maximum length: 35

group-poll-interval

Interval in minutes within to fetch groups from FSSO server, or unset to disable.

integer

Minimum value: 1 Maximum value: 2880

0

ldap-poll

Enable/disable automatic fetching of groups from LDAP server.

option

-

disable

 

Option

Description

enable

Enable automatic fetching of groups from LDAP server.

disable

Disable automatic fetching of groups from LDAP server.

ldap-poll-interval

Interval in minutes within to fetch groups from LDAP server.

integer

Minimum value: 1 Maximum value: 2880

180

ldap-poll-filter

Filter used to fetch groups.

string

Maximum length: 2047

(objectCategory=group)

user-info-server

LDAP server to get user information.

string

Maximum length: 35

ssl

Enable/disable use of SSL.

option

-

disable

 

Option

Description

enable

Enable use of SSL.

disable

Disable use of SSL.

ssl-trusted-cert

Trusted server certificate or CA certificate.

string

Maximum length: 79

source-ip

Source IP for communications to FSSO agent.

ipv4-address

Not Specified

0.0.0.0

source-ip6

IPv6 source for communications to FSSO agent.

ipv6-address

Not Specified

::

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15

config user fsso

Configure Fortinet Single Sign On (FSSO) agents.

config user fsso

Description: Configure Fortinet Single Sign On (FSSO) agents.

edit <name>

set type [default|fortinac]

set server {string}

set port {integer}

set password {password}

set server2 {string}

set port2 {integer}

set password2 {password}

set server3 {string}

set port3 {integer}

set password3 {password}

set server4 {string}

set port4 {integer}

set password4 {password}

set server5 {string}

set port5 {integer}

set password5 {password}

set ldap-server {string}

set group-poll-interval {integer}

set ldap-poll [enable|disable]

set ldap-poll-interval {integer}

set ldap-poll-filter {string}

set user-info-server {string}

set ssl [enable|disable]

set ssl-trusted-cert {string}

set source-ip {ipv4-address}

set source-ip6 {ipv6-address}

set interface-select-method [auto|sdwan|...]

set interface {string}

next

end

config user fsso

Parameter

Description

Type

Size

Default

type

Server type.

option

-

default

 

Option

Description

default

All other unspecified types of servers.

fortinac

FortiNAC server.

server

Domain name or IP address of the first FSSO collector agent.

string

Maximum length: 63

port

Port of the first FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password

Password of the first FSSO collector agent.

password

Not Specified

server2

Domain name or IP address of the second FSSO collector agent.

string

Maximum length: 63

port2

Port of the second FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password2

Password of the second FSSO collector agent.

password

Not Specified

server3

Domain name or IP address of the third FSSO collector agent.

string

Maximum length: 63

port3

Port of the third FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password3

Password of the third FSSO collector agent.

password

Not Specified

server4

Domain name or IP address of the fourth FSSO collector agent.

string

Maximum length: 63

port4

Port of the fourth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password4

Password of the fourth FSSO collector agent.

password

Not Specified

server5

Domain name or IP address of the fifth FSSO collector agent.

string

Maximum length: 63

port5

Port of the fifth FSSO collector agent.

integer

Minimum value: 1 Maximum value: 65535

8000

password5

Password of the fifth FSSO collector agent.

password

Not Specified

ldap-server

LDAP server to get group information.

string

Maximum length: 35

group-poll-interval

Interval in minutes within to fetch groups from FSSO server, or unset to disable.

integer

Minimum value: 1 Maximum value: 2880

0

ldap-poll

Enable/disable automatic fetching of groups from LDAP server.

option

-

disable

 

Option

Description

enable

Enable automatic fetching of groups from LDAP server.

disable

Disable automatic fetching of groups from LDAP server.

ldap-poll-interval

Interval in minutes within to fetch groups from LDAP server.

integer

Minimum value: 1 Maximum value: 2880

180

ldap-poll-filter

Filter used to fetch groups.

string

Maximum length: 2047

(objectCategory=group)

user-info-server

LDAP server to get user information.

string

Maximum length: 35

ssl

Enable/disable use of SSL.

option

-

disable

 

Option

Description

enable

Enable use of SSL.

disable

Disable use of SSL.

ssl-trusted-cert

Trusted server certificate or CA certificate.

string

Maximum length: 79

source-ip

Source IP for communications to FSSO agent.

ipv4-address

Not Specified

0.0.0.0

source-ip6

IPv6 source for communications to FSSO agent.

ipv6-address

Not Specified

::

interface-select-method

Specify how to select outgoing interface to reach server.

option

-

auto

 

Option

Description

auto

Set outgoing interface automatically.

sdwan

Set outgoing interface by SD-WAN or policy routing rules.

specify

Set outgoing interface manually.

interface

Specify outgoing interface to reach server.

string

Maximum length: 15