Fortinet white logo
Fortinet white logo
7.4.0

Configuring Jamf integration to allow FortiClient (iOS) to connect to EMS

Configuring Jamf integration to allow FortiClient (iOS) to connect to EMS

To configure integration between Jamf and FortiClient:
  1. In Jamf, go to All Settings. Configure the settings in SMTP Server and Push Certificates.

  2. Go to Global Management, and enable User-Initiated Enrollment.

  3. Go to Mobile Device Apps and add FortiClient from the App Store or by uploading it.

  4. Configure how the app is installed.

  5. Add App Configuration for FortiClient. This enables FortiClient to read the MAC address and UDID from the iOS device. FortiClient sends this information to EMS. Supported keys include the following:

    Key

    Description

    mac_address

    iOS device MAC address.

    udid

    iOS device UDID.

    group_tag

    This value is used as a group tag for configuration in EMS. The example uses the string "field_engineer" as a group tag, which is used when FortiClient initially connects to EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types.

    cloud_invite_code

    This value is used for connecting FortiClient to FortiClient Cloud. Enter the invite code received from FortiClient Cloud.

    For FortiClient iOS, this key is mainly meant to support 7.2.2 and earlier versions, as the new invitation_code key is available for FortiClient (iOS) 7.2.3 and later versions. However, you can continue to use cloud_invite_code for FortiClient (iOS) 7.2.3 and later versions if you do not configure invitation_code.

    invitation_code

    Enter the FortiClient Cloud or on-premise EMS invitation code.

    FortiClient 7.2.3 and later versions support this key.

  6. Configure a configuration profile:
    1. Go to Configuration Profiles and add a configuration profile.

    2. Under Options, select Content Filter. Add a content filter to point to the desired EMS.

    3. Enable Single App Mode for FortiClient. Single app mode launches the FortiClient app and connects it to EMS. If FortiClient does not launch in single app mode, it does not connect to EMS.

  7. Enroll the device:
    1. Go to Devices > Enrollment Invitations, then send an enrollment invitation to the device.

    2. Enroll the device.

  8. When the device is enrolled, FortiClient automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration. Once FortiClient is connected to EMS, disable single app mode for the device. Keep the EMS URL in the Content Filter section.

    The following shows the on-premise EMS GUI after FortiClient connects Telemetry.

Configuring Jamf integration to allow FortiClient (iOS) to connect to EMS

Configuring Jamf integration to allow FortiClient (iOS) to connect to EMS

To configure integration between Jamf and FortiClient:
  1. In Jamf, go to All Settings. Configure the settings in SMTP Server and Push Certificates.

  2. Go to Global Management, and enable User-Initiated Enrollment.

  3. Go to Mobile Device Apps and add FortiClient from the App Store or by uploading it.

  4. Configure how the app is installed.

  5. Add App Configuration for FortiClient. This enables FortiClient to read the MAC address and UDID from the iOS device. FortiClient sends this information to EMS. Supported keys include the following:

    Key

    Description

    mac_address

    iOS device MAC address.

    udid

    iOS device UDID.

    group_tag

    This value is used as a group tag for configuration in EMS. The example uses the string "field_engineer" as a group tag, which is used when FortiClient initially connects to EMS. EMS uses this value as an installer ID to assign the endpoint to a group. See Group assignment rule types.

    cloud_invite_code

    This value is used for connecting FortiClient to FortiClient Cloud. Enter the invite code received from FortiClient Cloud.

    For FortiClient iOS, this key is mainly meant to support 7.2.2 and earlier versions, as the new invitation_code key is available for FortiClient (iOS) 7.2.3 and later versions. However, you can continue to use cloud_invite_code for FortiClient (iOS) 7.2.3 and later versions if you do not configure invitation_code.

    invitation_code

    Enter the FortiClient Cloud or on-premise EMS invitation code.

    FortiClient 7.2.3 and later versions support this key.

  6. Configure a configuration profile:
    1. Go to Configuration Profiles and add a configuration profile.

    2. Under Options, select Content Filter. Add a content filter to point to the desired EMS.

    3. Enable Single App Mode for FortiClient. Single app mode launches the FortiClient app and connects it to EMS. If FortiClient does not launch in single app mode, it does not connect to EMS.

  7. Enroll the device:
    1. Go to Devices > Enrollment Invitations, then send an enrollment invitation to the device.

    2. Enroll the device.

  8. When the device is enrolled, FortiClient automatically connects to on-premise EMS or FortiClient Cloud, depending on the configuration. Once FortiClient is connected to EMS, disable single app mode for the device. Keep the EMS URL in the Content Filter section.

    The following shows the on-premise EMS GUI after FortiClient connects Telemetry.