EMS Administration Guide

Configuring user verification with an LDAP server for authentication

The following provides an example of configuring user verification, using an LDAP server for authentication. This example sends the invitation code to a single user. This configuration consists of the following steps:

  1. The EMS administrator adds the LDAP server to EMS.
  2. The EMS administrator configures an invitation code and sends it to the desired user.
  3. The end user receives the invitation email, and uses it to download FortiClient.
  4. The end user connects to EMS using their Active Directory (AD) credentials.

To add the LDAP server to EMS:

  1. Go to Administration > Authentication Servers.
  2. Click Add.
  3. In the IP address/Hostname field, enter the server IP address.
  4. In the Username and Password fields, provide the credentials required to access the LDAP server.
  5. Enable LDAPS connection and upload a certificate authority certificate or server certificate file in PEM or DER format.
  6. If needed, configure other fields.
  7. Click Test.
  8. After the test succeeds, click Save. After a few minutes, EMS imports devices from the LDAP server.

To create an invitation code:

  1. Go to User Management > Invitations.
  2. Click Add.
  3. Configure the invitation:
    1. In the Name field, enter the desired invitation name.
    2. For Type, select Individual.
    3. Enable Send Email Notifications.
    4. In the Email Recipients field, enter the desired user email address.
    5. In the Include FortiClient Installer field, add a FortiClient deployment package. The email that the user receives includes a link to download this deployment package.
    6. If desired, use the Expiring and Expiry Date fields to set an expiry date for this invitation.
    7. For Verification Type, select LDAP.
    8. From the LDAP Domain User dropdown list, select the desired domain user. This option is available when configuring an invitation to send to an individual. When configuring a bulk invitation, you select an LDAP domain instead of a domain user.
  4. Click Save.

To install FortiClient on the user device:

  1. The endpoint user receives the invitation email. They click the download link in the email to download the FortiClient deployment package.
  2. The user uses the deployment package to install FortiClient on their endpoint.
  3. Once the install completes, FortiClient launches and prompts the user to enter their AD credentials. EMS verifies that the credentials match a known user in the AD domain that was configured in the invitation code and allows the user to connect to FortiClient EMS.
