Configuring Workspace ONE integration to allow FortiClient (iOS) to connect to EMS
Workspace ONE integration allows FortiClient endpoints to connect to EMS. This documentation is based on Workspace ONE 23.
To configure integration between Workspace ONE and FortiClient:
- In Workspace ONE, go to Accounts, and add a new user.
- Add a new device for the user:
- From the Device Ownership Type dropdown list, select Corporate - Dedicated.
- From the Platform dropdown list, select Apple iOS.
- For Message Type, select EMAIL.
- Save. This sends an Workspace ONE device activation email to the user.
- Go to Assignment Groups. Create a new assignment group and add specific members to the group based on required criteria or devices and users.
- Go to Resources, and add FortiClient from the public app store.
- When adding an assignment, enter the desired name and select the desired assignment groups. Configure the deployment as desired. In Application Configuration, you can optionally add key-value pairs as shown.
This enables FortiClient to read the MAC address and UDID from the iOS device. FortiClient sends this information to EMS.
Supported keys include the following:
Key
Description
mac_address
iOS device MAC address.
udid
iOS device UDID.
ems_server
EMS server IP address.
ems_port
EMS port number.
group_tag
This value is used as a group tag for configuration in EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types.
cloud_invite_code
This value is used for connecting FortiClient to FortiClient Cloud. Enter the invite code received from FortiClient Cloud.
For FortiClient iOS, this key is mainly meant to support 7.2.2 and earlier versions, as the new
invitation_code
key is available for FortiClient (iOS) 7.2.3 and later versions. However, you can continue to usecloud_invite_code
for FortiClient (iOS) 7.2.3 and later versions if you do not configureinvitation_code
.This key does not support configuring invitation codes from on-premise EMS.
ems_key
Telemetry connection key. The EMS administrator may require FortiClient to provide this key during connection.
invitation_code
Enter the FortiClient Cloud or on-premise EMS invitation code.
FortiClient 7.2.3 and later versions support this key.
- You can add more assignments and use different group_tag values.
- Go to Resources and add a new profile:
- Go to the Content Filter section. In the User name field, enter the EMS URL.
- Go to Single App Mode, and configure as shown to enable single app mode. This makes FortiClient run.
- The user installs Intelligent Hub on the device and scans the QR code in the activation email to enroll the device.
- When FortiClient starts on the device, it automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration. Once FortiClient connects to EMS, disable single app mode for the device. Keep the EMS URL in the Content Filter section.
The following shows the on-premise EMS GUI after FortiClient connects Telemetry.