What must be added to a FortiGate device configured for agentless polling mode to retrieve AD user group information?

Prepare for the Fortinet FortiGate 7.4 Administrator Test. Use flashcards and multiple choice questions with explanations to enhance understanding. Be exam ready!

To retrieve Active Directory (AD) user group information on a FortiGate device configured for agentless polling mode, you must add an LDAP server. The LDAP (Lightweight Directory Access Protocol) server facilitates communication between the FortiGate device and Active Directory. This communication allows the device to query and retrieve directory information, including user groups.

In agentless polling mode, the FortiGate interacts with the LDAP server to authenticate and authorize users based on their AD attributes and group memberships. By integrating an LDAP server, the FortiGate can effectively manage user access controls and apply security policies based on the user group information pulled from Active Directory.

While other options such as RADIUS servers, Active Directory bridges, and SAML providers have their roles in user authentication and identity management, they do not directly enable the retrieval of AD group information in agentless polling mode. RADIUS, for instance, primarily focuses on authentication rather than directory querying, while SAML is used for single sign-on scenarios. An Active Directory bridge connects networks but likewise does not facilitate the LDAP querying needed here. Thus, the correct and critical component for this function on a FortiGate is an LDAP server.
