
Admin Guide

26.1.a

Synchronizing LDAP remote users in wildcard user group from FortiGate

LDAP is commonly used for user management. FortiIdentity Cloud supports several LDAP directory types, including Active Directory LDAP (AD LDAP) and OpenLDAP. On FortiGate, for example, you can define a filter that selects a group of users sharing the same attributes, such as the same organization, department, or role.

Group filters reduce the number of Active Directory users returned by the search, so that only the users who meet the filter criteria are synchronized.

Use case

Caution: This feature is supported only on FortiGate devices running FOS 7.4.5 or later, or FOS 7.6.0 or later.

To synchronize Active Directory users and apply two-factor authentication using FortiIdentity Cloud, two-factor authentication must be enabled in the user LDAP object definition in FortiOS.

Two-factor authentication for LDAP group filtering can only be configured in the CLI:

FGVMULTM00000000 (root) # show user ldap
config user ldap
    edit <string>
        set server <ip address>
        set cnid <string>
        set dn <string>
        set type {Simple | Anonymous | Regular}
        set two-factor <fortitoken-cloud>
        set two-factor-filter <string>
        set username <string>
        set password <string>
    next
end

In the following example, a user LDAP object is defined to connect to an Active Directory domain on a Windows server. The search begins at the root of the cloudsolutionsqa.com directory (DC=cloudsolutionsqa,DC=com).

FGVMULTM00000000 (root) # show user ldap
config user ldap
    edit "ad-136"
        set server "00.000.00.0"
        set cnid "sAMAccountName"
        set dn "DC=cloudsolutionsqa,DC=com"
        set type regular
        set two-factor fortitoken-cloud
        set two-factor-filter "(&(objectClass=user)(memberOf=Cn=ftc-ops,ou=QA,dc=cloudsolutionsqa,dc=com))"
        set username "ldapadmin"
        set password *******************************************************************
    next
end

When no group filter is configured, all Active Directory users with a valid email address or mobile number are retrieved; when a group filter is configured, only the users matching that filter are synchronized. In the example above, the filter restricts synchronization to members of the ftc-ops group.

For more syntax and diagnostic details, see the FortiGate / FortiOS 7.4.5 Administration Guide in the Fortinet Documentation Library.
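The two-factor-filter string is a standard LDAP search filter (RFC 4515), and a mistake in it fails silently: FortiGate simply synchronizes nobody, or the wrong set of people. The following Python script is an added example, not FortiOS or FortiIdentity Cloud code. It parses the filter syntax used on this page (&, |, !, attr=value, attr=*), applies the retrieval rule stated above (a user needs a mail or mobile attribute and, when a filter is set, must match it) to a small constructed directory, and rejects a malformed filter before it reaches the CLI. The SAMPLE_USERS entries and the normalization in _norm() are assumptions of the example; real Active Directory DN matching has more rules than the lower-casing and whitespace stripping done here.

```python
"""Evaluate a FortiGate-style LDAP group filter against a constructed sample directory.

Added example, not FortiOS or FortiIdentity Cloud code. It implements the subset
of RFC 4515 filter syntax used on the page (&, |, !, attr=value, attr=*) and the
page's retrieval rule: a user is synchronized only if it has a mail or mobile
attribute and, when a filter is configured, matches that filter.
"""
import re

# Filter copied from the page's `set two-factor-filter` line.
PAGE_FILTER = "(&(objectClass=user)(memberOf=Cn=ftc-ops,ou=QA,dc=cloudsolutionsqa,dc=com))"

# Constructed sample entries (not real accounts); attribute names as AD returns them.
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "objectClass": ["top", "person", "user"],
     "mail": "alice@cloudsolutionsqa.com",
     "memberOf": ["CN=ftc-ops,OU=QA,DC=cloudsolutionsqa,DC=com"]},
    {"sAMAccountName": "bob", "objectClass": ["top", "person", "user"],
     "mobile": "+1 555 0100",
     "memberOf": ["CN=dev,OU=QA,DC=cloudsolutionsqa,DC=com"]},
    {"sAMAccountName": "carol", "objectClass": ["top", "person", "user"],
     "mail": "carol@cloudsolutionsqa.com",
     "memberOf": ["CN=ftc-ops,OU=QA,DC=cloudsolutionsqa,DC=com",
                  "CN=dev,OU=QA,DC=cloudsolutionsqa,DC=com"]},
    # Member of ftc-ops but has neither mail nor mobile, so no token can be delivered.
    {"sAMAccountName": "svc-backup", "objectClass": ["top", "person", "user"],
     "memberOf": ["CN=ftc-ops,OU=QA,DC=cloudsolutionsqa,DC=com"]},
]


def parse_filter(text):
    """Parse a filter string into a tree; raise ValueError on malformed input."""
    s = text.strip()
    try:
        i, node = _parse(s, 0)
    except IndexError:
        raise ValueError("unbalanced parentheses in filter") from None
    if i != len(s):
        raise ValueError(f"unexpected trailing data at offset {i}")
    return node


def _parse(s, i):
    if s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|!":                      # compound filter: (&...), (|...), (!...)
        op = s[i]
        i += 1
        children = []
        while s[i] == "(":
            i, child = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one operand")
        return i + 1, (op, children)
    end = s.index(")", i)                  # simple item: (attr=value); value may itself contain '='
    attr, sep, value = s[i:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"malformed filter item {s[i:end]!r}")
    return end + 1, ("=", attr, value)


def _norm(value):
    # Simplified DN/string matching (assumption of this example): case-insensitive,
    # with whitespace around the ',' separators removed so "CN=a, OU=b" equals "cn=a,ou=b".
    return re.sub(r"\s*,\s*", ",", value.strip()).lower()


def matches(node, entry):
    """Evaluate a parsed filter tree against one directory entry (dict of attributes)."""
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    _, attr, wanted = node
    present = [v for k, v in entry.items() if k.lower() == attr.lower()]  # attribute names are case-insensitive
    if not present:
        return False
    values = present[0] if isinstance(present[0], list) else [present[0]]
    if wanted == "*":                      # presence test
        return True
    return any(_norm(v) == _norm(wanted) for v in values)


def sync_users(directory, group_filter=None):
    """Return the sorted sAMAccountNames that would be synchronized under the page's rule."""
    tree = parse_filter(group_filter) if group_filter else None
    selected = []
    for entry in directory:
        if not (entry.get("mail") or entry.get("mobile")):
            continue                       # no delivery channel for a second factor
        if tree is not None and not matches(tree, entry):
            continue
        selected.append(entry["sAMAccountName"])
    return sorted(selected)


if __name__ == "__main__":
    print("no filter:", sync_users(SAMPLE_USERS))               # ['alice', 'bob', 'carol']
    print("ftc-ops:  ", sync_users(SAMPLE_USERS, PAGE_FILTER))  # ['alice', 'carol']
```

Running the script shows the two behaviours the page describes side by side: without a filter every user with a mail or mobile attribute is selected, and with the page's filter only the ftc-ops members among them are. svc-backup is a group member but is never selected, which is the case to check first when an expected account is missing after synchronization. The filter's mixed-case `Cn=ftc-ops,ou=QA` still matches the directory's `CN=ftc-ops,OU=QA` because the comparison is case-insensitive.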
