Creating Fortinet Single Sign-On (FSSO) user groups

Creating Fortinet Single Sign-On (FSSO) user groups

You cannot use Windows or Novell groups directly in FortiGate security policies. You must create FortiGate user groups of the FSSO type and add Windows or Novell groups to them.


To create a user group for FSSO authentication – web-based manager:

1. Go to User & Device > User > User Groups and select Create New.

The New User Group dialog box opens.

2. In the Name box, enter a name for the group, FSSO_Internet_users for example.

3. In Type, select Fortinet Single Sign-On (FSSO).

4. In Members, select the required FSSO groups.

5. Select OK.



To create the FSSO_Internet-users user group – CLI

config user group

edit FSSO_Internet_users

set group-type fsso-service

set member CN=Engineering,cn=users,dc=office,dc=example,dc=com




Default FSSO group

SSO_Guest_users is a default user group enabled when FSSO is configured. It allows guest users on the network who do not have an FSSO account to authenticate and have access to network resources. See Enabling guest access through FSSO security policies on page 550.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.