Chapter 5. Authentication

5.2 FSSO

Learning Objectives

  • Install FSSO Agent on Windows Server
  • Configure FSSO
Scenario: FSSO stands for Fortinet Single Sign-On. It lets users log in to the network with a single set of login credentials. In this scenario, we focus on agent-based FSSO and install the agent on Windows Server. Then, whenever anyone logs in through Active Directory, we can track them through FortiGate Logs and Events.
  1. In this scenario, we are going to join Windows 10 to the Active Directory that we have already set up. The domain controller name is Hamid.local. First, we will join Windows 10 to the domain controller.
    Step 1: Join Windows to the Active Directory
    Figure 5.11: Join Windows to the Active Directory
    Step 2: Enter Domain name
    Figure 5.12: Enter Domain name
    Step 3: Enter username and password of AD administrator
    Figure 5.13: Enter username and password of AD administrator
  2. Install FSSO Agent on the AD server.
    Step 1: Install FSSO Agent
    Figure 5.14: Install FSSO Agent
    Step 2: Install FSSO Agent
    Figure 5.15: Install FSSO Agent

    The password you set here for the agent is going to be used in the FortiGate firewall when you want to connect to the FSSO Agent.

    Figure 5.16: Configure FSSO Agent
  3. In the FortiGate firewall, go to Security Fabric > External Connectors > FSSO Agent on Windows AD.
    Figure 5.17: Set external connectors

    Enter the same password you have set in step 2.

    Figure 5.18: Set FSSO Agent settings
    Figure 5.19: FSSO Agent status
  4. You should now be able to connect to the FSSO Agent, and you can verify the status of the external connector.
  5. Verify your configuration by going to Log & Report > Events > User Events.
    Figure 5.20: FSSO event logs
  6. After connecting to the Agent, you should be able to see users and groups in AD when you are creating a new user.
    Figure 5.21: Verify configuration
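
The user events checked in step 5 can also be reviewed outside the GUI. The following is an added example, not part of the original chapter: it replays exported user-event lines and reports which users currently hold an FSSO session and which were logged on from more than one IP at once. The sample lines are constructed, and the field names and the `FSSO-logon` / `FSSO-logoff` action values are assumptions to confirm against your own exported logs.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiOS key=value style. Field names and
# action values are assumptions; confirm them against your own exported logs.
SAMPLE_LOG = """\
date=2023-05-01 time=09:00:12 type="event" subtype="user" user="alice" srcip=10.0.1.21 action="FSSO-logon" msg="constructed: alice logged on"
date=2023-05-01 time=09:03:40 type="event" subtype="user" user="bob" srcip=10.0.1.22 action="FSSO-logon" msg="constructed: bob logged on"
date=2023-05-01 time=09:10:05 type="event" subtype="user" user="ALICE" srcip=10.0.2.50 action="FSSO-logon" msg="constructed: alice logged on"
date=2023-05-01 time=09:15:30 type="event" subtype="user" user="bob" srcip=10.0.1.22 action="FSSO-logoff" msg="constructed: bob logged off"
date=2023-05-01 time=09:20:00 type="event" subtype="system" user="admin" srcip=10.0.0.5 action="login" msg="constructed non-FSSO event"
"""

# key=value pairs; a value is either "quoted with spaces" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    return {key: (quoted or bare) for key, quoted, bare in PAIR.findall(line)}

def fsso_sessions(lines):
    """Replay logon/logoff events in order.

    Returns (active, flagged): users with open sessions mapped to their IPs,
    and users seen with sessions on more than one IP at the same time.
    """
    active = defaultdict(set)  # user -> IPs with an open FSSO session
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        if ev.get("subtype") != "user" or "user" not in ev or "srcip" not in ev:
            continue  # not a user event, or missing the fields we need
        # AD account names are case-insensitive, so normalise before comparing.
        user, ip, action = ev["user"].lower(), ev["srcip"], ev.get("action", "")
        if action == "FSSO-logon":
            active[user].add(ip)
            if len(active[user]) > 1:
                flagged[user] = sorted(active[user])
        elif action == "FSSO-logoff":
            active[user].discard(ip)
    return {u: sorted(ips) for u, ips in active.items() if ips}, flagged

if __name__ == "__main__":
    active, flagged = fsso_sessions(SAMPLE_LOG.splitlines())
    print("active sessions:", active)
    print("users on multiple IPs:", flagged)
```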

License

FortiGate Firewall Copyright © 2023 by Hamid Talebi is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
