Setting end users FortiClient Certificate

We have had FortiClient deployed without our business by a 3rd party and is managed via EMS.

This is mainly for remote access, which is working fine. Though we have the situation a number of our users have additional user certificates beyond our standard user certificate due to the nature of some of their work, most are issued by 3rd parties for dedicated secure applications.

So we have the issue of these users attempting to access services away from our estate and failing, as FortiClient defaults to the wrong certificate. Is there a way to set which cert the client should have selected? Rather then having them having to select the correct one?