Technical Tip: FortiClient behavior in an endpoint shared with multiple users when user verification is enabled

In FortiClient EMS, there are user verification methods inthe  Invitation Code: Local, Domain, or SAML.

The scenarios below demonstrate FortiClient's behavior when a machine is shared with multiple end users (for example, a computer in a public area like a library or reception area).

Case 1: If the Invitation Code does not have any verification method:

• UserA logs in to PC.
• UserA inputs the Invitation Code to join EMS.
• UserA logs out, UserB logins to PC.
• UserB FortiClient telemetry will stay connected to EMS.
  
  

Case 2: If the Invitation Code has a verification method:

• UserA logs in to the PC. UserA inputs the Invitation Code to join EMS.
• UserA performed the user verification and connected to EMS.
• UserA logs out, UserB login to PC.
• UserB FortiClient telemetry will be in a disconnected state, UserB will need to re-enter the Invitation Code to rejoin back to EMS.

Conclusion:

• FortiClient can only remember one 'User Verification' info at a time.
• When using FortiClient in a shared computer, do not configure any 'User Verification' to ensure FortiClient telemetry towards EMS is always persistent. Otherwise, another option is to just use EMS IP or FQDN to join EMS.