Created on 01-20-2021 03:56 AM
Edited on 08-28-2024 01:39 AM
By Jean-Philippe_P
Description
This article describes how to enable FortiClient EMS with multitenancy.
Scope
FortiClient.
Solution
With EMS multitenancy, it is possible to create multiple sites, which gives different administrators granular access to different sites and separates endpoint data and configuration by site.
The sites are completely separate from each other and cannot share data.
For example, if an administrator only has access to Site A, data from any other site is not accessible to that administrator.
To enable this option, go to the EMS setting and enable 'Manage Multiple Customer Sites'.
Enabling and configuring multitenancy
To configure EMS multitenancy, it is necessary to use a third-level FQDN (e.g. ems.somedomain.it), as in the example below (Global panel), and to make sure the option 'use FQDN' is enabled.
To point the FortiGate to the 'Default' site, use the following name: default.ems.somedomain.it.
The name of the site to be accessed from the FortiGate, as created on the EMS, must match the FQDN in DNS.

- An FQDN needs to be used instead of an IP address.
- The site.fqdn format needs to be used in the FortiGate configuration to integrate the FortiGate with a specific multitenant site on EMS (for example, site1.ems.example.com), or default.ems.example.com to access the default site.

    config system dns-database
        edit "EMS_Entry"
            set domain "site1.ems.example.com"
            config dns-entry
                edit 2
                    set hostname "@"
                    set ip X.X.X.X
                next
            end
        next
    end
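
A pre-flight check for the naming rules above, as an added example that is not part of the original article or of any Fortinet tooling: it builds the site.fqdn name for each site and reports whether it resolves to the same address as the EMS server. The function names, the sample zone and the rule that every site name should resolve to the EMS address are assumptions made for this illustration.

```python
import ipaddress
import re
import socket

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS hostname label

def site_fqdn(site, ems_fqdn):
    """Build the site.fqdn name the FortiGate uses for one EMS site."""
    ems_fqdn = ems_fqdn.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(ems_fqdn)
    except ValueError:
        pass  # not an IP literal, which is what we want
    else:
        raise ValueError("EMS must be referenced by FQDN, not by IP address")
    labels = ems_fqdn.split(".")
    if len(labels) < 3 or not all(LABEL.match(l) for l in labels):
        raise ValueError(f"{ems_fqdn!r} is not a third-level FQDN")
    site = site.strip().lower()
    if not LABEL.match(site):
        raise ValueError(f"site name {site!r} is not a valid DNS label")
    return f"{site}.{ems_fqdn}"

def system_resolve(name):
    """Resolve with the local resolver; an empty set means no record."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, 443)}
    except socket.gaierror:
        return set()

def check_sites(sites, ems_fqdn, resolve=system_resolve):
    """Return {site FQDN: status} for each site name (assumed check)."""
    ems_addrs = resolve(ems_fqdn)
    report = {}
    for site in sites:
        name = site_fqdn(site, ems_fqdn)
        addrs = resolve(name)
        if not addrs:
            report[name] = "no DNS record"
        elif ems_addrs and addrs <= ems_addrs:
            report[name] = "ok"
        else:
            report[name] = "resolves to a different host"
    return report

# Constructed sample zone (documentation addresses) standing in for real DNS.
SAMPLE_ZONE = {"ems.example.com": {"192.0.2.10"}, "default.ems.example.com": {"192.0.2.10"},
               "site1.ems.example.com": {"192.0.2.10"}, "site2.ems.example.com": {"192.0.2.99"}}

if __name__ == "__main__":
    lookup = lambda n: SAMPLE_ZONE.get(n, set())
    print(check_sites(["default", "site1", "site2", "site3"], "ems.example.com", lookup))
```

Calling `check_sites` without the third argument uses the resolver of the machine it runs on, so run it from a host that uses the same DNS as the FortiGate.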