Chapter 5. Authentication
5.2 FSSO
Learning Objectives
- Install FSSO Agent on Windows Server
- Configure a FSSO
Scenario: FSSO stands for Fortinet Single Sign-on and it is used to allow users to login into the network with one single login credential. In this scenario, we are going to focus on agent-based FSSO and we are going to install the agent on Windows Server. Then, anyone logins through Active Directory, we can track them through FortiGate Logs and Events.
- In this scenario, we are going to join windows 10 to Active Directory that we have set already. The domain controller name is Hamid.local. First, we will join Windows 10 to the domain controller.
Figure 5.11: Join Windows to the Active Directory 
Figure 5.12: Enter Domain name 
Figure 5.13: Enter username and password of AD administrator - Install FSSO Agent on the AD server.
Figure 5.14: Install FSSO Agent 
Figure 5.15: Install FSSO Agent The password you set here for the agent is going to be used in the FortiGate firewall when you want to connect to the FSSO Agent.
Figure 5.16: Configure FSSO Agent - In the FortiGate firewall, go to Security Fabric > External Connectors > FSSO Agent on Windows AD.
Figure 5.17: Set external connectors Enter the same password you have set in step 2.
Figure 5.18: Set FSSO Agent settings 
Figure 5.19: FSSO Agent status - You should be able to connect to FSSO Agent and you can verify the status of the external connector.
- Verify your configuration by going to Log & Report > Events > User Events.
Figure 5.20: FSSO event logs - After connecting to the Agent, you should be able to see users and groups in AD when you are creating a new user.
Figure 5.21: Verify configuration
