Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

SSO

FortiAuthenticator can monitor the units that make up FSSO. This is useful to ensure there is a connection to the different components when troubleshooting.

Domains

To monitor SSO domains, go to Monitor > SSO > Domains. Select Refresh to refresh the domain list. Select Expand All to expand all of the listed domains, or Collapse All to collapse the view.

In some instances, FSSO's performance may have been impeded by Domain Controllers that were slow to answer LDAP queries for group lookup. Because of this, new enhancements for LDAP queries have been introduced.

Prior to FortiAuthenticator 4.3, mousing-over Domain Controllers and their most recent LDAP query showed the status of the query, and how long ago it was. Now it also shows the LDAP query's response time in milliseconds (ms). This response time will show a warning icon if the highest recent response time is above 500 ms.

In addition, you can click on the Domain Controller entry to view statistics for the 100-most recent LDAP queries. The listed response times will be colour coordinated as follows: green for less than 500 ms, orange for time between 500 and 1000 ms, and red for more than/equal to 1000 ms.

SSO Sessions

To monitor SSO sessions, go to Monitor > SSO > SSO Sessions. Users can be manually logged off of if required.

The following information is available:

Refresh Refresh the SSO sessions list.
Logoff All Log off all of the connected users.
Logoff Selected Log off only the selected users.
Search Enter a search term in the search field, then select Search to search the SSO sessions list.
Logon Time When the session was started.
Update Time When the session was last updated.
Workstation The workstation that the user is using.
IP address The IP address of the workstation.
Username The username of the user.
Source The source of the connection.
Group The group to which the user belongs.

Domain Controllers

Domain controllers that are registered with the FortiAuthenticator unit can be viewed by going to Monitor > SSO > Domain Controllers.

The domain controllers list can be refreshed by selecting Refresh, and searched using the search field.

The list shows the connection status of the domain controller, as well as its update time and IP address. The total number of events, as well as the most recent event, are also shown.

FortiGates

FortiGate units that are registered with the FortiAuthenticator unit can be viewed at Monitor > SSO > FortiGates.

The list can be refreshed by selecting Refresh and searched using the search field. The list shows the connection time of each device, as well as its IP address and serial number.

User authentication events are logged in the FortiGate event log. See the FortiGate Handbook for more information.

DC/TS Agents

Domain Controller (DC) Agents and Terminal Server (TS) Agents that are registered with the FortiAuthenticator unit can be viewed at Monitor > SSO > DC/TS Agents.

The list can be refreshed by selecting Refresh and searched using the search field.

The list shows the server name of each agent, as well as its IP address, its agent type, last connection time, connection status, and the number of logged-on users.

 

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy