Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

EMS Administration Guide

Invitations

You can configure invitation codes to email to end users. After installing FortiClient, end users can enter the invitation codes to connect FortiClient to EMS.

To add an invitation code:
  1. Go to Invitations in the upper right corner, in Endpoints > Invitations, or in User Management > Inivitations.
  2. Do one of the following:
    1. To create a new invitation code, click Add.
    2. To edit an existing invitation code, select the desired invitation code. Click Edit.
  3. Configure the invitation:
    1. From the EMS Listen Address, select the desired address.
    2. To send the code to a single recipient, select Individual. Otherwise, select Bulk.
    3. Enable Send Email Notifications. You can only enable this option if you have configured SMTP settings. See Configuring SMTP Server settings.
    4. In the Include FortiClient Installer field, click Create a new installer to add a deployment package to the invitation. The invitation email will receive a link that they can download the configured deployment package from. For deployment package option details, see Adding a FortiClient deployment package.
    5. In the Email recipients field, enter the email addresses of the desired end users.
    6. If desired, enable Send SMS notifications.
    7. If desired, enable Expiring.
    8. In the Expiry date field, set the expiry date.
    9. For Verification Type, select one of the following:

      Verification type

      Description

      None

      End user does not need to provide any credentials to connect to EMS.

      Local

      End user must provide credentials that match a local user configured in User Management > Local Users to connect to EMS.

      You must create a local user to configure this option. See Local users.

      LDAP

      End user must provide their domain credentials to connect to EMS.

      You must configure an LDAP domain to configure this option. See Adding endpoints using an AD domain server.

      SAML

      End user must provide their credentials for an SAML identity provider, such as Azure Active Directory, to connect to EMS.

      You must configure SAML settings to configure this option. See SAML Configuration.

    10. In the Comments field, enter any comments if desired. Click Save.

End users receive an email or SMS notification as configured that includes the configured invitation code and installer. They can install FortiClient on their devices using the included installer, and enter the invitation code in the Register with Zero Trust Fabric field on the FortiClient Zero Trust Telemetry tab to connect to EMS if their FortiClient did not connect automatically to EMS after installation. Based on the verification type configured in the invitation code, the user may also need to enter their credentials to connect to EMS.

Invitations

You can configure invitation codes to email to end users. After installing FortiClient, end users can enter the invitation codes to connect FortiClient to EMS.

To add an invitation code:
  1. Go to Invitations in the upper right corner, in Endpoints > Invitations, or in User Management > Inivitations.
  2. Do one of the following:
    1. To create a new invitation code, click Add.
    2. To edit an existing invitation code, select the desired invitation code. Click Edit.
  3. Configure the invitation:
    1. From the EMS Listen Address, select the desired address.
    2. To send the code to a single recipient, select Individual. Otherwise, select Bulk.
    3. Enable Send Email Notifications. You can only enable this option if you have configured SMTP settings. See Configuring SMTP Server settings.
    4. In the Include FortiClient Installer field, click Create a new installer to add a deployment package to the invitation. The invitation email will receive a link that they can download the configured deployment package from. For deployment package option details, see Adding a FortiClient deployment package.
    5. In the Email recipients field, enter the email addresses of the desired end users.
    6. If desired, enable Send SMS notifications.
    7. If desired, enable Expiring.
    8. In the Expiry date field, set the expiry date.
    9. For Verification Type, select one of the following:

      Verification type

      Description

      None

      End user does not need to provide any credentials to connect to EMS.

      Local

      End user must provide credentials that match a local user configured in User Management > Local Users to connect to EMS.

      You must create a local user to configure this option. See Local users.

      LDAP

      End user must provide their domain credentials to connect to EMS.

      You must configure an LDAP domain to configure this option. See Adding endpoints using an AD domain server.

      SAML

      End user must provide their credentials for an SAML identity provider, such as Azure Active Directory, to connect to EMS.

      You must configure SAML settings to configure this option. See SAML Configuration.

    10. In the Comments field, enter any comments if desired. Click Save.

End users receive an email or SMS notification as configured that includes the configured invitation code and installer. They can install FortiClient on their devices using the included installer, and enter the invitation code in the Register with Zero Trust Fabric field on the FortiClient Zero Trust Telemetry tab to connect to EMS if their FortiClient did not connect automatically to EMS after installation. Based on the verification type configured in the invitation code, the user may also need to enter their credentials to connect to EMS.