Administration Guide

Creating FSSO connectors

You can create SSO/identity connectors for Fortinet single sign-on (FSSO) agents.

FSSO is the authentication protocol by which users can transparently authenticate to FortiGate, FortiClient EMS, FortiAuthenticator, and FortiCache devices.

To create FSSO connectors:
  1. Go to Fabric View > Fabric Connectors.
  2. Click Create New. The Create New Fabric Connector wizard is displayed.
  3. Under SSO/Identity, select FSSO, and click Next.
  4. Configure the following options, and then click OK:

    Name

    Type a name for the connector object.

    FSSO Agent

    Complete the IP/Name, Password, and Port options for each FortiAuthenticator unit that will act as an SSO agent.

    Select FSSO Groups

    Specify whether to get FSSO groups from FSSO agents or via FortiGate.

    User Groups LDAP Server

    Select the name of the LDAP server to be used to get group information from the Directory Service.

    Per-Device Mapping

    (Optional) Toggle ON to set per-device mappings between FortiGate units and FSSO agents, and then create the mappings. Toggle OFF to disable this feature.

    Advanced Options

    Expand to view and configure advanced options for Fortinet single sign-on agents. For details, see the FortiOS CLI Reference.

To configure the FSSO connector as a FortiClient EMS connector, set Type to FortiClient EMS, set IP/Name to the Windows Server's IP address, and turn SSL to ON. Click Apply and Refresh. The connector retrieves a list of tags from the EMS server and shows them as User Groups, similar to Active Directory groups in Windows Server.
