Chapter 4 Authentication : Agent-based FSSO : Troubleshooting FSSO : User list from Windows AD is empty : Solution
  
Solution
There are two possible causes:
In most cases, the FortiGate receives login information, but can't translate the Windows AD group into the protection profile. Make sure that all the required Windows AD groups are included in the FortiGate user groups and that all FortiGate user groups are included in the authentication security policy.
There may be a problem with the AD FSSO service running on the Windows AD server.
To confirm the problem is on the Windows side
1. Go to Log&Report > Log Config.
2. Enable firewall authentication event logging and debug level logging on the FortiGate.
3. Ask one or more users to log in to Windows.
4. Check the FortiGate logs for the logon event from the Windows AD server.
If there is no new logon event entry in the logs, the problem is on the Windows side. Use the MS Windows AD documentation to troubleshoot the problem.