certificate for FGFM protocol - Error (Auto Link Disabled)
Hi Team,
I am applying secure communication between FortiManager and FortiGate. The certificates are good and tested properly.
Here are the errors and debugs:
FortiManager:
2024-10-28 22:07:06 { "client": "dmserver:907", "id": 30, "method": "exec", "params": [{ "data": { "device": 164, "force": 0, "sn": "FGT70FTK220----9", "sn list": []}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
2024-10-28 22:07:06 FGFMs(FGT70FTK220----9-164-172.16.1.1): server:send:
2024-10-28 22:07:06 put auth
user=admin
passwd=******
2024-10-28 22:07:06 FGFMs(FGT70FTK220----9-164-172.16.1.1): server:
2024-10-28 22:07:06 reply 501
request=auth
2024-10-28 22:07:06 Response:
2024-10-28 22:07:06 { "id": 30, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
2024-10-28 22:07:06 Response [unknown]:
2024-10-28 22:07:06 { "id": 30, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
2024-10-28 22:07:06 Request:
2024-10-28 22:07:06 { "client": "dmserver:907", "id": 31, "method": "exec", "params": [{ "data": { "device": 164, "force": 0, "sn": "FGT70FTK220----9", "sn list": []}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
2024-10-28 22:07:06 FGFMs(FGT70FTK22014599-164-172.16.1.1): server:send:
2024-10-28 22:07:06 put auth
user=admin
passwd=******
2024-10-28 22:07:06 FGFMs(FGT70FTK220----9-164-172.16.1.1): server:
2024-10-28 22:07:06 reply 501
request=auth
2024-10-28 22:07:06 Response:
2024-10-28 22:07:06 { "id": 31, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
2024-10-28 22:07:06 Response [unknown]:
2024-10-28 22:07:06 { "id": 31, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\/tunnel"}]}
2024-10-28 22:07:06 Request:
2024-10-28 22:07:06 { "client": "dmserver:907", "id": 32, "method": "exec", "params": [{ "data": { "device": 164, "force": 0, "sn": "FGT70FTK220----9", "sn list": []}, "target start": 3, "url": "start\/tunnel"}], "root": "fgfm"}
2024-10-28 22:07:06 FGFMs(FGT70FTK220----9-164-172.16.1.1): server:send:
2024-10-28 22:07:06 put auth
user=admin
passwd=******
The Error on FortiGate:
Message Administrator admin login failed from fgfm(172.16.1.101) because of invalid password
On the FortiManager - Here is the configuration:
config system global
set fgfm-ca-cert 1
set fgfm-cert-exclusive enable
set fgfm-local-cert "FAC"
set usg enable
end
It works after adding username and password for the device under the FortiManager using:
# execute device replace user <device_name> <username>
# execute device replace pw <device_name> <password>
I want to understand why the username and password need to be added manually after successful certificate verification.
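
An added example, not part of the original post and not Fortinet code: a small triage script for FortiManager debug output shaped like the lines quoted above. It pairs each request id with its result and with any `reply <code>` / `request=auth` exchange, so a credential rejection can be told apart from other tunnel failures. The sample log is constructed, and treating reply 501 to `request=auth` as a rejected login is an assumption based on the FortiGate "invalid password" event shown in the post.

```python
import json
import re

# Constructed sample in the shape of the debug output quoted in the post;
# the serial number and IP address are placeholders.
SAMPLE = """\
2024-10-28 22:07:06 Request:
2024-10-28 22:07:06 { "client": "dmserver:907", "id": 30, "method": "exec", "params": [{ "data": { "device": 164, "sn": "FGT-EXAMPLE-0001"}, "url": "start\\/tunnel"}], "root": "fgfm"}
2024-10-28 22:07:06 FGFMs(FGT-EXAMPLE-0001-164-192.0.2.1): server:send:
2024-10-28 22:07:06 put auth
user=admin
passwd=******
2024-10-28 22:07:06 FGFMs(FGT-EXAMPLE-0001-164-192.0.2.1): server:
2024-10-28 22:07:06 reply 501
request=auth
2024-10-28 22:07:06 Response:
2024-10-28 22:07:06 { "id": 30, "result": [{ "status": { "code": 2, "message": "no permission"}, "url": "start\\/tunnel"}]}
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")  # leading timestamp
REPLY = re.compile(r"^reply (\d+)$")

def triage(text):
    """Map request id -> serial, auth reply code and (code, message) result."""
    out, current, last_reply = {}, None, None
    for raw in text.splitlines():
        line = TS.sub("", raw).strip()
        if line.startswith("{"):
            try:
                msg = json.loads(line)
            except json.JSONDecodeError:
                continue  # truncated or non-JSON debug line
            if "method" in msg:  # request from dmserver
                current = msg["id"]
                out[current] = {"sn": msg["params"][0]["data"].get("sn"), "auth_reply": None, "result": None}
            elif msg.get("id") in out:  # response (may be logged twice)
                st = msg["result"][0]["status"]
                out[msg["id"]]["result"] = (st["code"], st["message"])
        elif (m := REPLY.match(line)):
            last_reply = int(m.group(1))
        elif line == "request=auth" and current in out and last_reply is not None:
            out[current]["auth_reply"] = last_reply
            last_reply = None
    return out

def rejected_auth(text):
    """Requests whose FGFM auth step got reply 501 (assumed: login rejected)."""
    return [(rid, r["sn"]) for rid, r in triage(text).items() if r["auth_reply"] == 501]
```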
