Creating Fortinet Single Sign-On (FSSO) user groups

Creating Fortinet Single Sign-On (FSSO) user groups

You cannot use Windows or Novell groups directly in FortiGate security policies. You must create FortiGate user groups of the FSSO type and add Windows or Novell groups to them.


To create a user group for FSSO authentication – web-based manager:

1. Go to User & Device > User > User Groups and select Create New.

The New User Group dialog box opens.

2. In the Name box, enter a name for the group, FSSO_Internet_users for example.

3. In Type, select Fortinet Single Sign-On (FSSO).

4. In Members, select the required FSSO groups.

5. Select OK.



To create the FSSO_Internet-users user group – CLI

config user group

edit FSSO_Internet_users

set group-type fsso-service

set member CN=Engineering,cn=users,dc=office,dc=example,dc=com




Default FSSO group

SSO_Guest_users is a default user group enabled when FSSO is configured. It allows guest users on the network who do not have an FSSO account to authenticate and have access to network resources. See Enabling guest access through FSSO security policies on page 550.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos