Configuring user verification with an LDAP server for authentication
The following provides an example of configuring user verification, using an LDAP server for authentication. This example sends the invitation code to a single user. This configuration consists of the following steps:
- The EMS administrator adds the LDAP server to EMS.
- The EMS administrator configures an invitation code, and send the invitation code to the desired user.
- The end user receives the invitation email, and uses it to download FortiClient.
- The end user connects to EMS using their AD credentials.
To add the LDAP server to EMS:
- Go to User Management > Authorized User Groups.
- Click Add.
- In the IP address/Hostname field, enter the server IP address.
- For Bind type, select Regular.
- In the Username and Password fields, provide the credentials required to access the LDAP server.
- Enable LDAPS connection and upload a certificate authority certificate or server certificate file in PEM or DER format.
- If needed, configure other fields.
- Click Test.
- After the test succeeds, click Save. After a few minutes, EMS imports devices from the LDAP server.
To create an invitation code:
- Go to User Management > Invitations.
- Click Add.
- Configure the invitation:
- In the Name field, enter the desired invitation name.
- For Type, select Individual.
- Enable Send Email Notifications.
- In the Email Recipients field, enter the email address of the desired user.
- In the Include FortiClient Installer field, add a FortiClient deployment package. The email that the user receives will include a link to download this deployment package.
- If desired, use the Expiring and Expiry Date fields to set an expiry date for this invitation.
- For Verification Type, select LDAP.
- From the LDAP Domain dropdown list, select the domain that the user belongs to.
- Click Save.
To install FortiClient on the user device:
- The endpoint user receives the invitation email. They click the download link the email to download the FortiClient deployment package.
- The user uses the deployment package to install FortiClient on their endpoint.
- Once the install completes, FortiClient launches and prompts for the user to enter their AD credentials. EMS verifies that the credentials match a known user in the AD domain that was configured in the invitation code and allows the user to connect to FortiClient EMS.