Happii
Visitor III
February 11, 2025
Question

"Enforce User Verification" won't work when FortiClient connects/registers using FQDN


Hi everyone,

The ZTNA on my FortiClient EMS is working well with SAML user verification and invitation codes. However, we have a problem connecting using the FQDN.

- With "Enforce User Verification" unchecked, FortiClient using the FQDN connects to EMS successfully without any SAML login (insecure, as we adopt off-net workstations).

- With "Enforce User Verification" checked, FortiClient using the FQDN doesn't connect to EMS. The error message says the connection requires an invitation code.

If you have made an FQDN connection with user verification successfully, please kindly advise what is wrong or missing in my configuration setup.

Thanks so much.

2 replies

AEK
SuperUser
February 11, 2025

Hi Happii

It was successful for me, FCT EMS 7.4.x.

When you create the invitation you specify the FQDN in "EMS Listen Address", not the IP address. Then you re-send the invitation so the client uses the invitation code that was created based on FQDN.

AEK
Happii (Author)
Visitor III
February 12, 2025

Hi AEK, thanks for sharing. We did the same configuration but it won't work. Have no idea what's wrong.

[Attached screenshot: Screenshot 2025-02-12 173720.png]

AEK
SuperUser
February 12, 2025

Hi Happii

You enter the invitation code instead of hostname:port.

Did you generate an invitation? (EMS > invitation menu at top-right).

AEK
Happii (Author)
Visitor III
February 12, 2025

Hi AEK, the invitation was working well for me. But I wonder why it was working with hostname:port (the FQDN) with my configuration. Fortinet's documentation says it would work in both cases. That was what I wondered about and why I am seeking help.