Fortinet Document Library

CLI Reference

config user fsso

Configure Fortinet Single Sign On (FSSO) agents.

config user fsso
    Description: Configure Fortinet Single Sign On (FSSO) agents.
    edit <name>
        set type [default|fortinac]
        set server {string}
        set port {integer}
        set password {password}
        set server2 {string}
        set port2 {integer}
        set password2 {password}
        set server3 {string}
        set port3 {integer}
        set password3 {password}
        set server4 {string}
        set port4 {integer}
        set password4 {password}
        set server5 {string}
        set port5 {integer}
        set password5 {password}
        set logon-timeout {integer}
        set ldap-server {string}
        set group-poll-interval {integer}
        set ldap-poll [enable|disable]
        set ldap-poll-interval {integer}
        set ldap-poll-filter {string}
        set user-info-server {string}
        set ssl [enable|disable]
        set ssl-trusted-cert {string}
        set source-ip {ipv4-address}
        set source-ip6 {ipv6-address}
        set interface-select-method [auto|sdwan|...]
        set interface {string}
    next
end

config user fsso

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| type | Server type. Options: default (All other unspecified types of servers.); fortinac (FortiNAC server.) | option | - | default |
| server | Domain name or IP address of the first FSSO collector agent. | string | Maximum length: 63 | |
| port | Port of the first FSSO collector agent. | integer | Minimum value: 1 Maximum value: 65535 | 8000 |
| password | Password of the first FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length. | password | Not Specified | |
| server2 | Domain name or IP address of the second FSSO collector agent. | string | Maximum length: 63 | |
| port2 | Port of the second FSSO collector agent. | integer | Minimum value: 1 Maximum value: 65535 | 8000 |
| password2 | Password of the second FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length. | password | Not Specified | |
| server3 | Domain name or IP address of the third FSSO collector agent. | string | Maximum length: 63 | |
| port3 | Port of the third FSSO collector agent. | integer | Minimum value: 1 Maximum value: 65535 | 8000 |
| password3 | Password of the third FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length. | password | Not Specified | |
| server4 | Domain name or IP address of the fourth FSSO collector agent. | string | Maximum length: 63 | |
| port4 | Port of the fourth FSSO collector agent. | integer | Minimum value: 1 Maximum value: 65535 | 8000 |
| password4 | Password of the fourth FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length. | password | Not Specified | |
| server5 | Domain name or IP address of the fifth FSSO collector agent. | string | Maximum length: 63 | |
| port5 | Port of the fifth FSSO collector agent. | integer | Minimum value: 1 Maximum value: 65535 | 8000 |
| password5 | Password of the fifth FSSO collector agent. The collector agent can only accept passwords up to 15 characters in length. | password | Not Specified | |
| logon-timeout | Interval in minutes to keep logons after the FSSO server goes down. | integer | Minimum value: 1 Maximum value: 2880 | 5 |
| ldap-server | LDAP server to get group information. | string | Maximum length: 35 | |
| group-poll-interval | Interval in minutes at which to fetch groups from the FSSO server, or unset to disable. | integer | Minimum value: 1 Maximum value: 2880 | 0 |
| ldap-poll | Enable/disable automatic fetching of groups from LDAP server. Options: enable (Enable automatic fetching of groups from LDAP server.); disable (Disable automatic fetching of groups from LDAP server.) | option | - | disable |
| ldap-poll-interval | Interval in minutes at which to fetch groups from the LDAP server. | integer | Minimum value: 1 Maximum value: 2880 | 180 |
| ldap-poll-filter | Filter used to fetch groups. | string | Maximum length: 2047 | (objectCategory=group) |
| user-info-server | LDAP server to get user information. | string | Maximum length: 35 | |
| ssl | Enable/disable use of SSL. Options: enable (Enable use of SSL.); disable (Disable use of SSL.) | option | - | disable |
| ssl-trusted-cert | Trusted server certificate or CA certificate. | string | Maximum length: 79 | |
| source-ip | Source IP for communications to FSSO agent. | ipv4-address | Not Specified | 0.0.0.0 |
| source-ip6 | IPv6 source for communications to FSSO agent. | ipv6-address | Not Specified | :: |
| interface-select-method | Specify how to select outgoing interface to reach server. Options: auto (Set outgoing interface automatically.); sdwan (Set outgoing interface by SD-WAN or policy routing rules.); specify (Set outgoing interface manually.) | option | - | auto |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 | |
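The limits and defaults in the table above can be checked mechanically before a `config user fsso` block is applied. The following audit script is an added example, not Fortinet code: it reads a config written as typed at the CLI and reports entries that leave `ssl` at its default of `disable`, use a collector agent password longer than 15 characters, or set a port or server value outside the documented size. The sample config, entry names, hostnames and certificate name are constructed; reporting an unset `ssl-trusted-cert` is this example's own policy choice, not behaviour stated on the page.

```python
import re

# Limits copied from the parameter table on this page.
MAX_SERVER_LEN, MAX_AGENT_PASSWORD_LEN, PORT_RANGE = 63, 15, range(1, 65536)

# Constructed sample config (hypothetical names and values, not from the page).
SAMPLE = '''
config user fsso
    edit "ca-primary"
        set server "fsso1.example.test"
        set password "ThisPasswordIsTooLong"
        set port2 70000
    next
    edit "ca-tls"
        set server "fsso3.example.test"
        set password "Short-Secret-15"
        set ssl enable
        set ssl-trusted-cert "Example_CA"
    next
end
'''

def parse_entries(text):
    """Return {entry_name: {key: value}} for each edit ... next block."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = entries.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r'set\s+(\S+)\s+"?(.*?)"?$', line)):
            current[m.group(1)] = m.group(2)
    return entries

def audit(text):
    """Return sorted (entry, finding) pairs for values outside the documented limits."""
    findings = []
    for name, cfg in parse_entries(text).items():
        if cfg.get("ssl", "disable") != "enable":  # documented default is disable
            findings.append((name, "ssl disabled"))
        elif "ssl-trusted-cert" not in cfg:  # this example's policy, not stated on the page
            findings.append((name, "ssl-trusted-cert unset"))
        for key, value in cfg.items():
            if re.fullmatch(r"password[2-5]?", key) and len(value) > MAX_AGENT_PASSWORD_LEN:
                findings.append((name, f"{key} longer than {MAX_AGENT_PASSWORD_LEN} chars"))
            elif re.fullmatch(r"port[2-5]?", key) and not (value.isdigit() and int(value) in PORT_RANGE):
                findings.append((name, f"{key} out of range"))
            elif re.fullmatch(r"server[2-5]?", key) and len(value) > MAX_SERVER_LEN:
                findings.append((name, f"{key} longer than {MAX_SERVER_LEN} chars"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports three findings for the constructed `ca-primary` entry and none for `ca-tls`.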
