An administrator has an active directory (AD) server integrated with FortiAuthenticator. They want members of only specific AD groups to participate in FSSO with their corporate FortiGate firewalls. How does the administrator accomplish this goal? (Choose one answer)

A. Configure fine-grained controls on FortiAuthenticator to designate AD groups.
B. Configure a domain groupings list to identify the desired AD groups.
C. Configure SSO groups and assign them to FortiGate groups.
D. Configure a FortiGate filter on FortiAuthenticator.

Correct Answer: D

Brave-Dump Clients Votes

D 100%

Comments

Juan Diego Ruiz 2025-04-15 22:30:28

Selected Answers: D

In order to provide FSSO to specific groups on a remote LDAP server, you can filter the polling information so
that it includes only those groups.
You can create a FortiGate filter on the FortiGate Filtering page. You must name the filter, provide the IP
address of FortiGate, enable Forward FSSO information for users from the following subset of
users/groups/containers only, and select the LDAP server and remote group on which you want to filter.
In some situations is may be desirable to exclude designated IP addresses from the FSSO process, for example,
domain controllers or Exchange servers. This is accomplished through the creation of IP filtering rules. Once
crated these rules can be added to the FortiGate filtering configuration.
Note that FortiGate filtering has no effect on which FSSO events are stored on FortiAuthenticator. The filters
affect only which events are passed down to FortiGate.