Fortinet black logo

Configuring Workspace ONE integration

Copy Link
Copy Doc ID 9defe1ea-d080-11eb-97f7-00505692583a:539839
Download PDF

Configuring Workspace ONE integration

Workspace ONE integration allows FortiClient (iOS) endpoints to connect to EMS. This documentation is based on Workspace ONE UEM 20.8.0.6.

To configure integration between Workspace ONE and FortiClient (iOS):
  1. In Workspace ONE, go to Assignment Groups. Create a new assignment group.

  2. Go to Accounts, and add a new user.

  3. Add a new device for the user:
    1. From the Device Ownership Type dropdown list, select Corporate - Dedicated.
    2. From the Platform dropdown list, select Apple iOS.
    3. For Message Type, select EMAIL.

    4. Save. This sends an AirWatch device activation email to the user.
  4. The user installs Intelligent Hub on the device and scans the QR code in the activation email to enroll the device.

  5. In Workspace ONE, go to Apps & Books, and add FortiClient (iOS) from the public app store.

  6. When adding an assignment, enter the desired name and select the desired assignment groups. Configure the deployment as desired.

    In Application Configuration, you can optionally add key-value pairs as shown. This enables FortiClient (iOS) to read the MAC address and UDID from the iOS device. FortiClient sends this information to EMS.

    The following shows the configuration for a FortiClient (iOS) device that will connect Telemetry to FortiClient Cloud:

    Supported keys include the following:

    Key

    Description

    mac_address

    iOS device MAC address.

    udid

    iOS device UDID.

    ems_server

    EMS server IP address.

    ems_port

    EMS port number.

    group_tag

    This value is used as a group tag for configuration in EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types.

    cloud_invite_code

    This value is used for connecting FortiClient (iOS) to FortiClient Cloud. Enter the invite code received from FortiClient Cloud.

    ems_key

    Telemetry connection key. The EMS administrator may require FortiClient (iOS) to provide this key during connection.

  7. You can add more assignments and use different group_tag values.

  8. Go to Devices, and add a profile:
    1. Go to the Content Filter section. In the User name field, enter the EMS URL.

    2. Go to Single App Mode, and configure as shown to enable single app mode. This makes FortiClient (iOS) run.

    3. Assign the profile to the device.
  9. When FortiClient starts on the device, it automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration. Once FortiClient connects to EMS, disable single app mode for the device. Keep the EMS URL in the Content Filter section.

    The following shows the on-premise EMS GUI after FortiClient (iOS) connects Telemetry.

Configuring Workspace ONE integration

Workspace ONE integration allows FortiClient (iOS) endpoints to connect to EMS. This documentation is based on Workspace ONE UEM 20.8.0.6.

To configure integration between Workspace ONE and FortiClient (iOS):
  1. In Workspace ONE, go to Assignment Groups. Create a new assignment group.

  2. Go to Accounts, and add a new user.

  3. Add a new device for the user:
    1. From the Device Ownership Type dropdown list, select Corporate - Dedicated.
    2. From the Platform dropdown list, select Apple iOS.
    3. For Message Type, select EMAIL.

    4. Save. This sends an AirWatch device activation email to the user.
  4. The user installs Intelligent Hub on the device and scans the QR code in the activation email to enroll the device.

  5. In Workspace ONE, go to Apps & Books, and add FortiClient (iOS) from the public app store.

  6. When adding an assignment, enter the desired name and select the desired assignment groups. Configure the deployment as desired.

    In Application Configuration, you can optionally add key-value pairs as shown. This enables FortiClient (iOS) to read the MAC address and UDID from the iOS device. FortiClient sends this information to EMS.

    The following shows the configuration for a FortiClient (iOS) device that will connect Telemetry to FortiClient Cloud:

    Supported keys include the following:

    Key

    Description

    mac_address

    iOS device MAC address.

    udid

    iOS device UDID.

    ems_server

    EMS server IP address.

    ems_port

    EMS port number.

    group_tag

    This value is used as a group tag for configuration in EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types.

    cloud_invite_code

    This value is used for connecting FortiClient (iOS) to FortiClient Cloud. Enter the invite code received from FortiClient Cloud.

    ems_key

    Telemetry connection key. The EMS administrator may require FortiClient (iOS) to provide this key during connection.

  7. You can add more assignments and use different group_tag values.

  8. Go to Devices, and add a profile:
    1. Go to the Content Filter section. In the User name field, enter the EMS URL.

    2. Go to Single App Mode, and configure as shown to enable single app mode. This makes FortiClient (iOS) run.

    3. Assign the profile to the device.
  9. When FortiClient starts on the device, it automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration. Once FortiClient connects to EMS, disable single app mode for the device. Keep the EMS URL in the Content Filter section.

    The following shows the on-premise EMS GUI after FortiClient (iOS) connects Telemetry.