Configuring Single Sign On to Windows AD
On the FortiGate unit, security policies control access to network resources based on user groups. This is also true with Fortinet Single Sign On, but each FortiGate user group is associated with one or more Windows AD user groups. This association is how Windows AD user groups are authenticated in the FortiGate security policy.
Fortinet Single Sign On sends information about Windows user logons to FortiGate units. If there are many users on your Windows AD domains, the large amount of information might affect the performance of the FortiGate units.
To configure your FortiGate unit to operate with either a Windows AD or a Novell eDirectory FSSO install, you:
- Configure LDAP access to the Windows AD global catalog. See “Configuring LDAP server access”.
- Add Active Directory user groups to FortiGate FSSO user groups. See “Creating Fortinet Single Sign-On (FSSO) user groups”.
- Configure the LDAP Server as a Single Sign-On server. See “Configuring the LDAP Server as a Single Sign-On server”.
- Create security policies for FSSO-authenticated groups. See “Creating security policies”.
- Optionally, specify a guest protection profile to allow guest access. See “Enabling guest access through FSSO security policies”.