In User Management, you can configure options for user verification. EMS supports the following user verification methods:
End user does not need to provide any credentials to connect to EMS.
End user must provide credentials that match a local user configured in User Management > Local Users to connect to EMS.
You must create a local user to configure this option. See Local users.
End user must provide their domain credentials to connect to EMS.
You must configure an LDAP domain to configure this option. See Adding endpoints using an AD domain server.
End user must provide their credentials for an SAML identity provider, such as Azure Active Directory (AD), to connect to EMS.
You must configure SAML settings to configure this option. See SAML Configuration.
The process is as follows:
- The EMS administrator configures the desired verification method. For example, the EMS administrator can configure an AD server for EMS to connect to. EMS imports user groups from the configured AD server. See Authorized User Groups.
- The EMS administrator creates an invitation, which includes a FortiClient installer and verification method. In this example, the EMS administrator would create an invitation that only applies to users that belong to the desired AD domain. See Invitations.
- The EMS administrator sends the invitation to end users by email or SMS.
- The end user downloads the FortiClient installer using the link included in the email.
- The end user installs FortiClient on their endpoint.
- FortiClient automatically launches and prompts for the user to enter their credentials. The end user enters their AD credentials. EMS verifies that the credentials match a known user in the AD domain that was configured in the invitation code and allows the user to connect to FortiClient EMS.
This feature requires per-user licensing. See Windows, macOS, and Linux licenses.