Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.4.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config user fsso

    config user fsso

    Configure Fortinet Single Sign On (FSSO) agents.

    config user fsso
    Description: Configure Fortinet Single Sign On (FSSO) agents.
    edit <name>
        set group-poll-interval {integer}
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set ldap-poll [enable|disable]
        set ldap-poll-filter {string}
        set ldap-poll-interval {integer}
        set ldap-server {string}
        set logon-timeout {integer}
        set password {password}
        set password2 {password}
        set password3 {password}
        set password4 {password}
        set password5 {password}
        set port {integer}
        set port2 {integer}
        set port3 {integer}
        set port4 {integer}
        set port5 {integer}
        set server {string}
        set server2 {string}
        set server3 {string}
        set server4 {string}
        set server5 {string}
        set sni {string}
        set source-ip {ipv4-address}
        set source-ip6 {ipv6-address}
        set ssl [enable|disable]
        set ssl-server-host-ip-check [enable|disable]
        set ssl-trusted-cert {string}
        set type [default|fortinac]
        set user-info-server {string}
    next
end

    config user fsso

    Parameter

    Description

    Type

    Size

    Default

    group-poll-interval

    Interval in minutes within to fetch groups from FSSO server, or unset to disable.

    integer

    Minimum value: 1 Maximum value: 2880

    0

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    ldap-poll

    Enable/disable automatic fetching of groups from LDAP server.

    option

    -

    disable

    Option

    Description

    enable

    Enable automatic fetching of groups from LDAP server.

    disable

    Disable automatic fetching of groups from LDAP server.

    ldap-poll-filter

    Filter used to fetch groups.

    string

    Maximum length: 2047

    (objectCategory=group)

    ldap-poll-interval

    Interval in minutes within to fetch groups from LDAP server.

    integer

    Minimum value: 1 Maximum value: 2880

    180

    ldap-server

    LDAP server to get group information.

    string

    Maximum length: 35

    logon-timeout

    Interval in minutes to keep logons after FSSO server down.

    integer

    Minimum value: 1 Maximum value: 2880

    5

    name

    Name.

    string

    Maximum length: 35

    password

    Password of the first FSSO collector agent.

    password

    Not Specified

    password2

    Password of the second FSSO collector agent.

    password

    Not Specified

    password3

    Password of the third FSSO collector agent.

    password

    Not Specified

    password4

    Password of the fourth FSSO collector agent.

    password

    Not Specified

    password5

    Password of the fifth FSSO collector agent.

    password

    Not Specified

    port

    Port of the first FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port2

    Port of the second FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port3

    Port of the third FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port4

    Port of the fourth FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port5

    Port of the fifth FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    server

    Domain name or IP address of the first FSSO collector agent.

    string

    Maximum length: 63

    server2

    Domain name or IP address of the second FSSO collector agent.

    string

    Maximum length: 63

    server3

    Domain name or IP address of the third FSSO collector agent.

    string

    Maximum length: 63

    server4

    Domain name or IP address of the fourth FSSO collector agent.

    string

    Maximum length: 63

    server5

    Domain name or IP address of the fifth FSSO collector agent.

    string

    Maximum length: 63

    sni

    Server Name Indication.

    string

    Maximum length: 255

    source-ip

    Source IP for communications to FSSO agent.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ip6

    IPv6 source for communications to FSSO agent.

    ipv6-address

    Not Specified

    ::

    ssl

    Enable/disable use of SSL.

    option

    -

    disable

    Option

    Description

    enable

    Enable use of SSL.

    disable

    Disable use of SSL.

    ssl-server-host-ip-check

    Enable/disable server host/IP verification.

    option

    -

    disable

    Option

    Description

    enable

    Enable server host/IP verification.

    disable

    Disable server host/IP verification.

    ssl-trusted-cert

    Trusted server certificate or CA certificate.

    string

    Maximum length: 79

    type

    Server type.

    option

    -

    default

    Option

    Description

    default

    All other unspecified types of servers.

    fortinac

    FortiNAC server.

    user-info-server

    LDAP server to get user information.

    string

    Maximum length: 35

    Previous
    Next

    config user fsso

    config user fsso

    Configure Fortinet Single Sign On (FSSO) agents.

    config user fsso
    Description: Configure Fortinet Single Sign On (FSSO) agents.
    edit <name>
        set group-poll-interval {integer}
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set ldap-poll [enable|disable]
        set ldap-poll-filter {string}
        set ldap-poll-interval {integer}
        set ldap-server {string}
        set logon-timeout {integer}
        set password {password}
        set password2 {password}
        set password3 {password}
        set password4 {password}
        set password5 {password}
        set port {integer}
        set port2 {integer}
        set port3 {integer}
        set port4 {integer}
        set port5 {integer}
        set server {string}
        set server2 {string}
        set server3 {string}
        set server4 {string}
        set server5 {string}
        set sni {string}
        set source-ip {ipv4-address}
        set source-ip6 {ipv6-address}
        set ssl [enable|disable]
        set ssl-server-host-ip-check [enable|disable]
        set ssl-trusted-cert {string}
        set type [default|fortinac]
        set user-info-server {string}
    next
end

    config user fsso

    Parameter

    Description

    Type

    Size

    Default

    group-poll-interval

    Interval in minutes within to fetch groups from FSSO server, or unset to disable.

    integer

    Minimum value: 1 Maximum value: 2880

    0

    interface

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    ldap-poll

    Enable/disable automatic fetching of groups from LDAP server.

    option

    -

    disable

    Option

    Description

    enable

    Enable automatic fetching of groups from LDAP server.

    disable

    Disable automatic fetching of groups from LDAP server.

    ldap-poll-filter

    Filter used to fetch groups.

    string

    Maximum length: 2047

    (objectCategory=group)

    ldap-poll-interval

    Interval in minutes within to fetch groups from LDAP server.

    integer

    Minimum value: 1 Maximum value: 2880

    180

    ldap-server

    LDAP server to get group information.

    string

    Maximum length: 35

    logon-timeout

    Interval in minutes to keep logons after FSSO server down.

    integer

    Minimum value: 1 Maximum value: 2880

    5

    name

    Name.

    string

    Maximum length: 35

    password

    Password of the first FSSO collector agent.

    password

    Not Specified

    password2

    Password of the second FSSO collector agent.

    password

    Not Specified

    password3

    Password of the third FSSO collector agent.

    password

    Not Specified

    password4

    Password of the fourth FSSO collector agent.

    password

    Not Specified

    password5

    Password of the fifth FSSO collector agent.

    password

    Not Specified

    port

    Port of the first FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port2

    Port of the second FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port3

    Port of the third FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port4

    Port of the fourth FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    port5

    Port of the fifth FSSO collector agent.

    integer

    Minimum value: 1 Maximum value: 65535

    8000

    server

    Domain name or IP address of the first FSSO collector agent.

    string

    Maximum length: 63

    server2

    Domain name or IP address of the second FSSO collector agent.

    string

    Maximum length: 63

    server3

    Domain name or IP address of the third FSSO collector agent.

    string

    Maximum length: 63

    server4

    Domain name or IP address of the fourth FSSO collector agent.

    string

    Maximum length: 63

    server5

    Domain name or IP address of the fifth FSSO collector agent.

    string

    Maximum length: 63

    sni

    Server Name Indication.

    string

    Maximum length: 255

    source-ip

    Source IP for communications to FSSO agent.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ip6

    IPv6 source for communications to FSSO agent.

    ipv6-address

    Not Specified

    ::

    ssl

    Enable/disable use of SSL.

    option

    -

    disable

    Option

    Description

    enable

    Enable use of SSL.

    disable

    Disable use of SSL.

    ssl-server-host-ip-check

    Enable/disable server host/IP verification.

    option

    -

    disable

    Option

    Description

    enable

    Enable server host/IP verification.

    disable

    Disable server host/IP verification.

    ssl-trusted-cert

    Trusted server certificate or CA certificate.

    string

    Maximum length: 79

    type

    Server type.

    option

    -

    default

    Option

    Description

    default

    All other unspecified types of servers.

    fortinac

    FortiNAC server.

    user-info-server

    LDAP server to get user information.

    string

    Maximum length: 35

    Previous
    Next