FortiGate firewalls come with a single sign-on feature that lets you, as an administrator, control user access without Group Policies. That makes it a great option for BYOD environments, since the rules won’t be contingent on Domain access.
On the flip side, you can also set the rules to restrict any non-Domain-joined computers to maintain a higher level of security. Additionally, this feature has advanced logging, which lets you track user access in order to build smarter groups or security policies.
This walkthrough is a follow-up to our instructions on configuring internal segmentation on a single FortiGate. Since these features come with the firewall at no extra cost, they are cost-effective ways for smaller organizations to maintain a higher level of security and improve user visibility.
This walkthrough covers installing FortiGate Single Sign On (FSSO) on a Domain Controller and setting up a FortiGate for data collection and user management.