Creating Fortinet Single Sign-On (FSSO) user groups
You cannot use Windows or Novell groups directly in FortiGate security policies. You must create FortiGate user groups of the FSSO type and add Windows or Novell groups to them.
To create a user group for FSSO authentication – web-based manager:
1. Go to User & Device > User > User Groups and select Create New.
The New User Group dialog box opens.
2. In the Name box, enter a name for the group, FSSO_Internet_users for example.
3. In Type, select Fortinet Single Sign-On (FSSO).
4. In Members, select the required FSSO groups.
5. Select OK.
To create the FSSO_Internet-users user group – CLI
config user group
set group-type fsso-service
set member CN=Engineering,cn=users,dc=office,dc=example,dc=com
Default FSSO group
SSO_Guest_users is a default user group enabled when FSSO is configured. It allows guest users on the network who do not have an FSSO account to authenticate and have access to network resources. See Enabling guest access through FSSO security policies on page 550.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!