Fortinet black logo

EMS Administration Guide

FortiClient management based on Active Directory user/user groups

FortiClient management based on Active Directory user/user groups

You can assign FortiClient policies based on endpoint devices in organizational units.

To assign device groups, user groups, and users to a policy:
  1. Go to Endpoint Policy. Create a new policy or select an existing one.
  2. In the Endpoint Groups field, click Edit. In the Add Endpoint Groups dialog, select the desired device and/or user groups. Click Save.

  3. In the Users field, select the desired users.
  4. Click Save.

When FortiClient connects to EMS, the following occurs:

  1. If a policy is assigned to the FortiClient user, EMS assigns that policy to the endpoint.
  2. If there are policies for the FortiClient group container and/or user groups, EMS assigns the policy with the highest global priority.
  3. If there are inherited policies for group containers and/or user groups, EMS assigns the inherited policy with the highest global priority.

In Endpoint Policy & Components Manage Policies, you can click Edit Columns to select which columns to display.

The Manage Policies page displays a progress line that indicates each policy's FortiClient synchronization status. The Endpoint Count column shows the number of FortiClient endpoints with the policy assigned and the number of endpoints that have not been seen for the past 30 days.

Click the endpoint count to see the endpoint list.

To deploy FortiClient to endpoints with user-based management:
  1. (Optional) Create a custom installer.
  2. Go to System Settings > Feature Select. Select the features to globally show and hide. In 6.4.0, you no longer select available features for each deployment package.
  3. Create a deployment package.
  4. Create a deployment configuration.

For details on this deployment process, see the FortiClient EMS Administration Guide.

In Deployment > Management Deployment, the Deployment Package column displays a progress line indicating each deployment package's deployment state.

FortiClient management based on Active Directory user/user groups

You can assign FortiClient policies based on endpoint devices in organizational units.

To assign device groups, user groups, and users to a policy:
  1. Go to Endpoint Policy. Create a new policy or select an existing one.
  2. In the Endpoint Groups field, click Edit. In the Add Endpoint Groups dialog, select the desired device and/or user groups. Click Save.

  3. In the Users field, select the desired users.
  4. Click Save.

When FortiClient connects to EMS, the following occurs:

  1. If a policy is assigned to the FortiClient user, EMS assigns that policy to the endpoint.
  2. If there are policies for the FortiClient group container and/or user groups, EMS assigns the policy with the highest global priority.
  3. If there are inherited policies for group containers and/or user groups, EMS assigns the inherited policy with the highest global priority.

In Endpoint Policy & Components Manage Policies, you can click Edit Columns to select which columns to display.

The Manage Policies page displays a progress line that indicates each policy's FortiClient synchronization status. The Endpoint Count column shows the number of FortiClient endpoints with the policy assigned and the number of endpoints that have not been seen for the past 30 days.

Click the endpoint count to see the endpoint list.

To deploy FortiClient to endpoints with user-based management:
  1. (Optional) Create a custom installer.
  2. Go to System Settings > Feature Select. Select the features to globally show and hide. In 6.4.0, you no longer select available features for each deployment package.
  3. Create a deployment package.
  4. Create a deployment configuration.

For details on this deployment process, see the FortiClient EMS Administration Guide.

In Deployment > Management Deployment, the Deployment Package column displays a progress line indicating each deployment package's deployment state.