Fortinet black logo

Workspace ONE Deployment Guide

Home FortiClient 7.2.0 Workspace ONE Deployment Guide
7.2.0
7.2.0
7.0.0

Configuring Workspace ONE integration to allow FortiClient (Android) to connect to EMS

Configuring Workspace ONE integration to allow FortiClient (Android) to connect to EMS

Workspace ONE integration allows FortiClient endpoints to connect to EMS. This documentation is based on Workspace ONE 23.

To configure integration between Workspace ONE and FortiClient:
  1. In Workspace ONE, go to Accounts, and add a new user.

  2. Add a new device for the user:
    1. From the Device Ownership Type dropdown list, select Corporate - Dedicated.
    2. From the Platform dropdown list, select Android.
    3. For Message Type, select EMAIL.
    4. Save. This sends a Workspace ONE device activation email to the user.
  3. Go to Groups & Settings > Groups > Assignment Groups > Add Smart Group. Create a new assignment group and add specific members to the group based on required criteria or devices and users.

  4. Go to Resources > Native > Public > Add Application.
  5. For Platform, select Android.
  6. Search the app store for FortiClient.
  7. Clicking Save & Assign takes you to the assignment page. Enter the desired name and select the desired assignment groups. Configure the deployment as desired.
  8. In the FortiClient - Assignment dialog, in Application Configuration, you can optionally add key-value pairs. Workspace ONE lists available key configurations. The following table shows supported key configurations in case you need to enter them manually:

    Key

    Description

    cloud_invite_code

    This value is used for connecting FortiClient to FortiClient Cloud. Enter the invite code received from FortiClient Cloud.

    This key is mainly meant to support 7.2.0 and earlier versions, as the new invitation_code key is available for FortiClient (Android) 7.2.1 and later versions. However, you can continue to use cloud_invite_code for FortiClient (Android) 7.2.1 and later versions if you do not configure invitation_Code.

    device_id

    Device UDID.

    ems_key

    Telemetry connection key. The EMS administrator may require FortiClient to provide this key during connection.

    ems_port

    EMS port number.

    ems_server

    EMS server IP address.

    group_tag

    This value is used as a group tag for configuration in EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types.

    invalid_ems_certificate_warning

    Behavior to take when FortiClient detects that EMS has an invalid certificate. Enter one of the following values:

    • allow: connect to EMS with no warning.
    • warn: show a warning that allows the user to decide whether to connect or not.
    • deny: prevent users from connecting to EMS.

    invitation_code

    Enter the FortiClient Cloud or on-premise EMS invitation code.

    FortiClient (7.2.1 and later versions support this key.

    mac_address

    Device MAC address.

    should_show_login_page

    Configure whether FortiClient presents a login page to the user. Enter true to present the login page and false to skip the login page.

    user_name

    FortiClient username.

  9. The user installs Intelligent Hub from the Google Play Store on the device and scans the QR code in the activation email to enroll the device. The user then logs in using the account that you created in step 1. When FortiClient starts on the device, it automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration.
Previous
Next

Configuring Workspace ONE integration to allow FortiClient (Android) to connect to EMS

Workspace ONE integration allows FortiClient endpoints to connect to EMS. This documentation is based on Workspace ONE 23.

To configure integration between Workspace ONE and FortiClient:
  1. In Workspace ONE, go to Accounts, and add a new user.

  2. Add a new device for the user:
    1. From the Device Ownership Type dropdown list, select Corporate - Dedicated.
    2. From the Platform dropdown list, select Android.
    3. For Message Type, select EMAIL.
    4. Save. This sends a Workspace ONE device activation email to the user.
  3. Go to Groups & Settings > Groups > Assignment Groups > Add Smart Group. Create a new assignment group and add specific members to the group based on required criteria or devices and users.

  4. Go to Resources > Native > Public > Add Application.
  5. For Platform, select Android.
  6. Search the app store for FortiClient.
  7. Clicking Save & Assign takes you to the assignment page. Enter the desired name and select the desired assignment groups. Configure the deployment as desired.
  8. In the FortiClient - Assignment dialog, in Application Configuration, you can optionally add key-value pairs. Workspace ONE lists available key configurations. The following table shows supported key configurations in case you need to enter them manually:

    Key

    Description

    cloud_invite_code

    This value is used for connecting FortiClient to FortiClient Cloud. Enter the invite code received from FortiClient Cloud.

    This key is mainly meant to support 7.2.0 and earlier versions, as the new invitation_code key is available for FortiClient (Android) 7.2.1 and later versions. However, you can continue to use cloud_invite_code for FortiClient (Android) 7.2.1 and later versions if you do not configure invitation_Code.

    device_id

    Device UDID.

    ems_key

    Telemetry connection key. The EMS administrator may require FortiClient to provide this key during connection.

    ems_port

    EMS port number.

    ems_server

    EMS server IP address.

    group_tag

    This value is used as a group tag for configuration in EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types.

    invalid_ems_certificate_warning

    Behavior to take when FortiClient detects that EMS has an invalid certificate. Enter one of the following values:

    • allow: connect to EMS with no warning.
    • warn: show a warning that allows the user to decide whether to connect or not.
    • deny: prevent users from connecting to EMS.

    invitation_code

    Enter the FortiClient Cloud or on-premise EMS invitation code.

    FortiClient (7.2.1 and later versions support this key.

    mac_address

    Device MAC address.

    should_show_login_page

    Configure whether FortiClient presents a login page to the user. Enter true to present the login page and false to skip the login page.

    user_name

    FortiClient username.

  9. The user installs Intelligent Hub from the Google Play Store on the device and scans the QR code in the activation email to enroll the device. The user then logs in using the account that you created in step 1. When FortiClient starts on the device, it automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration.
Previous
Next