SSO
FortiAuthenticator can monitor the units that make up FSSO. This is useful to ensure there is a connection to the different components when troubleshooting.
Domains
To monitor SSO domains, go to Monitor > SSO > Domains. Select Refresh to refresh the domain list. Select Expand All to expand all of the listed domains, or Collapse All to collapse the view.
In some instances, FSSO's performance may have been impeded by Domain Controllers that were slow to answer LDAP queries for group lookup. Because of this, new enhancements for LDAP queries have been introduced.
Prior to FortiAuthenticator 4.3, mousing-over Domain Controllers and their most recent LDAP query showed the status of the query, and how long ago it was. Now it also shows the LDAP query's response time in milliseconds (ms). This response time will show a warning icon if the highest recent response time is above 500 ms.
In addition, you can click on the Domain Controller entry to view statistics for the 100-most recent LDAP queries. The listed response times will be colour coordinated as follows: green for less than 500 ms, orange for time between 500 and 1000 ms, and red for more than/equal to 1000 ms.
SSO Sessions
To monitor SSO sessions, go to Monitor > SSO > SSO Sessions. Users can be manually logged off of if required.
The following information is available:
Domain Controllers
Domain controllers that are registered with the FortiAuthenticator unit can be viewed by going to Monitor > SSO > Domain Controllers.
The domain controllers list can be refreshed by selecting Refresh, and searched using the search field.
The list shows the connection status of the domain controller, as well as its update time and IP address. The total number of events, as well as the most recent event, are also shown.
FortiGates
FortiGate units that are registered with the FortiAuthenticator unit can be viewed at Monitor > SSO > FortiGates.
The list can be refreshed by selecting Refresh and searched using the search field. The list shows the connection time of each device, as well as its IP address and serial number.
User authentication events are logged in the FortiGate event log. See the FortiGate Handbook for more information.
DC/TS Agents
Domain Controller (DC) Agents and Terminal Server (TS) Agents that are registered with the FortiAuthenticator unit can be viewed at Monitor > SSO > DC/TS Agents.
The list can be refreshed by selecting Refresh and searched using the search field.
The list shows the server name of each agent, as well as its IP address, its agent type, last connection time, connection status, and the number of logged-on users.