When a user logs in, FSSO typically collects: username, domain, workstation, IP address, and group membership, and forwards it to FortiGate/FortiManager
+
### Building blocks
+
**A) Collector Agent (CA) (Windows FSSO agent)**
+
The FSSO Collector Agent runs as a service and collects logon events, then sends user/IP mappings to FortiGate (often based on group filters).
+
+
It can collect data either from DC Agents or by polling Domain Controllers directly.
+
+
**B) DC Agent (domain controller plugin)**
+
In DC Agent mode, each Domain Controller has a Fortinet DC Agent installed (a DLL), which reads auth events and forwards them to the Collector.
+
+
**C) Polling mode (no software on DCs)**
+
In Polling mode, the Collector Agent polls the DCs for logon events and forwards them to FortiGate.
