Introduction to agent-based FSSO
Fortinet Single Sign-On (FSSO), through agents installed on the network, monitors user logons and passes that information to the FortiGate unit. When a user logs on at a workstation in a monitored domain, FSSO
• detects the logon event and records the workstation name, domain, and user,
• resolves the workstation name to an IP address,
• determines which user groups the user belongs to,
• sends the user logon information, including IP address and groups list, to the FortiGate unit
• creates one or more log entries on the FortiGate unit for this logon event as appropriate.
When the user tries to access network resources, the FortiGate unit selects the appropriate security policy for the destination. If the user belongs to one of the permitted user groups associated with that policy, the connection is allowed. Otherwise the connection is denied.
| FSSO can also provide NTLM authentication service for requests coming from FortiGate. SSO is very convenient for users, but may not be supported across all platforms. NTLM is not as convenient, but it enjoys wider support. See “FSSO NTLM authentication support”. |