Fortinet Server Authentication Extension (FSAE) 3.5

Fortinet Server Authentication Extension (FSAE), developed by Fortinet Inc., is an identity-integration solution that provides transparent user authentication for FortiGate security policies. By monitoring Microsoft Active Directory logon events in real time, FSAE maps users and groups to source IP addresses so you can enforce identity-based firewall rules, web filtering, and reporting without prompting users for credentials.

FSAE typically uses two components: a DC Agent running on domain controllers to capture logon/logoff events, and a Collector Agent on a Windows server to aggregate user-to-IP mappings and group membership. The Collector communicates securely with FortiGate devices, enabling granular, group-based access control across single or multiple domains and forests. An optional Terminal Services/Citrix agent can distinguish multiple users on the same host.

Key benefits:

• Seamless single sign-on for domain users
• Precise, group-based policy enforcement and reporting
• Minimal user disruption and reduced help desk load
• Scalable design with redundancy options for multi-DC environments

Common use cases:

• Applying different internet and application access policies by department or role
• Enhancing auditability and compliance through user-attributed logs
• Reducing reliance on captive portals or manual authentication

Note: In current Fortinet documentation, FSAE is commonly referred to as Fortinet Single Sign-On (FSSO).

Fortinet Server Authentication Extension (FSAE) is developed by Fortinet Inc.. The most popular versions of this product among our users are: 3.0 and 3.5.