The Lab wanted to achieve the below:
- Have two AD Users Group on On Premises AD – one to allow and one to deny users access to browse the website bbc.com
- Have Fortinet FSSO Agent installed on On Premises AD to sync users and groups from On Premises AD to Fortigate Firewall so I can create Firewall Policies directly using / referring AD Objects inside the Policies.
- Use the created Allow and Deny Policies respectively to Allow or Deny traffic to bbc.com based on AD Users Group Membership.
Userb denied correctly to browse to bbc.com even from Linux Host 
On Linux Host joined to OnPremises AD home_dir creation to new users upon login works correctly 
Usera correctly able to browse to the page bbc.com 
Linux Host correctly added to OnPremises AD domain hypervlab.local 
Userb correctly denied access to bbc.com 
AD Authentication Connection to Linux Host 
Fortigate SSO User Groups Created with Nested OnPremises AD Groups inside 
FSSO Agent from OnPremises AD Feeding Users to Fortigate Firewall correctly 
Setting up the FSSO Agent on the Fortigate Firewall * Already installed it on OnPremises AD* 
Able to login to Fortigate via LDAP Authentication through OnPremises AD 
Creating the LDAP Connection between Fortigate and OnPremises AD (II.) 
Creating the LDAP Connection between Fortigate and OnPremises AD 
On Linux host specify the username with domain\username and use the password for the account to login.
Fortigate OS 7.0 explaining the same in the administraton guide:
https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/795593/use-active-directory-objects-directly-in-policies