FortiClient EMS - Prevent Constant Entering of Invitation Code for AD Users on Multiple Windows PCs

Hello! I have an issue related to FortiClient EMS and how it's deployment model installed on Windows PCs is needing to use the invite code for every AD user that signs into a PC. In other words, I'm doing something wrong for how EMS handles  for AD users.

I am deploying this for a client to manage web filtering profiles for verified AD users and sometimes these users need to access many different machines across the facility. Ideally, when a device is installed with the FortiClient program from the EMS deployment models, we apply the invite code and the device is tethered to our EMS server. This theoretically is all we need to do for handling the invitation, and once a user logs in with their AD credentials a unique web filter would be applied to them automatically no matter what PC they're on. Now, the problem is that we don't have a way to have FortiClient activate once we've installed it and used our invite code and instead, signing out and signing in between AD users shows FortiClient not going online at all. One user might have EMS detect them but that would be the account we would be signed into when installing the FortiClient and inviting it to the EMS server. The only way to get this to work is to use another invite code for every user to sign in (when instead they're logged as a "verified" user) and we have to keep entering the user's invitation code on every single device they sign into, building licenses for verified users in the User Management's verified users section. We cannot afford to do this, as the scope of their work amounts to keeping the same web filtering profile on any device they sign into with their AD credentials and having FortiClient stay connected the whole way through.

I just need to know where I'm making this mistake, either within their deployments or if I need to do something else or extra. What am I missing? Any help would be more than appreciated!