user : fsso
Use this command to configure the FortiGate unit to receive user group information from a Directory Service server equipped with the Fortinet Single Sign On Agent (FSSO-Agent). You can specify up to five computers on which an FSSO collector agent is installed. The FortiGate unit uses these collector agents in a redundant configuration. If the first agent fails, the FortiGate unit attempts to connect to the next agent in the list.
You can add user groups to Directory Service type user groups for authentication in firewall policies.
config user fsso
edit <server_name>
set ldap_server <ldap-server-name>
set password <password>
set password2 <password2>
set password3 <password3>
set password4 <password4>
set password5 <password5>
set port <port_number>
set port2 <port2_number>
set port3 <port3_number>
set port4 <port4_number>
set port5 <port5_number>
set server <domain>
set server2 <domain2>
set server3 <domain3>
set server4 <domain4>
set server5 <domain5>
set source-ip <ipv4_addr>
end
edit <server_name>
Enter a name to identify the Directory Service server.
Enter a new name to create a new server definition or enter an existing server name to edit that server definition.
No default.
ldap_server <ldap-server-name>
Enter the name of the LDAP server to be used to access the Directory Service.
No default.
password <password>
password2 <password2>
password3 <password3>
password4 <password4>
password5 <password5>
For each collector agent, enter the password.
No default.
port <port_number>
port2 <port2_number>
port3 <port3_number>
port4 <port4_number>
port5 <port5_number>
For each collector agent, enter the port number used for communication with FortiGate units.
server <domain>
server2 <domain2>
server3 <domain3>
server4 <domain4>
server5 <domain5>
Enter the domain name or IP address for up to five collector agents. Each entry can be from 1 to 63 characters long.
No default.
source-ip <ipv4_addr>
Enter the source IP address for communications to the FSSO server.
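
The following is an added example, not part of the original reference and not Fortinet code: a Python audit that parses the `config user fsso` block of a saved configuration and reports entries with fewer than two collector agents (no failover), numbered slots that have settings but no `server`, and servers with no password. The sample configuration, its names, addresses, port value and the `ENC` password form are constructed assumptions.

```python
import re
# Constructed backup fragment for illustration (not from a real device).
SAMPLE_CONFIG = """\
config user fsso
    edit "dc-agents"
        set server "10.0.0.10"
        set password ENC constructedblob1
        set server2 "fsso2.example.internal"
        set password2 ENC constructedblob2
    next
    edit "branch-agent"
        set server "10.9.0.10"
        set port2 8001
    next
end
"""

# server/port/password apply to agent 1; a suffix 2-5 selects agents 2-5.
SLOT_KEY = re.compile(r"^(server|port|password)([2-5]?)$")

def parse_fsso(config_text):
    """Return {entry: {slot: {field: value}}} for the config user fsso block."""
    entries, current, in_block = {}, None, False
    for raw in config_text.splitlines():
        words = raw.split()
        if words[:3] == ["config", "user", "fsso"]:
            in_block = True
        elif in_block and words[:1] == ["end"]:
            in_block, current = False, None
        elif in_block and words[:1] == ["edit"]:
            current = entries.setdefault(" ".join(words[1:]).strip('"'), {})
        elif current is not None and words[:1] == ["set"] and len(words) > 2:
            m = SLOT_KEY.match(words[1])
            if m:
                slot = int(m.group(2) or 1)
                current.setdefault(slot, {})[m.group(1)] = " ".join(words[2:]).strip('"')
    return entries

def audit_fsso(config_text):
    """List collector agent slots that lack failover, a server, or a password."""
    findings = []
    for name, slots in parse_fsso(config_text).items():
        agents = [n for n, f in slots.items() if "server" in f]
        if len(agents) < 2:
            findings.append(f"{name}: {len(agents)} collector agent(s), no failover")
        for n, f in sorted(slots.items()):
            if "server" not in f:
                findings.append(f"{name}: slot {n} has settings but no server")
            elif "password" not in f:
                findings.append(f"{name}: slot {n} server {f['server']} has no password")
    return findings
```

Calling `audit_fsso()` on the text of a configuration backup returns one line per finding; an empty list means every entry has at least two collector agents and each configured server has a password.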