FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
This article describes why FortiClient may fail to automatically connect to EMS after being installed on unattended systems using invitation codes
Scope
FortiClient EMS, FortiClient Endpoint
Solution
When FortiClient is installed using an MSI and MST package with an invitation code, it is automatically registered to EMS if the installation is configured correctly: Technical Tip: Install FortiClient with MSI installer
However, if the invitation code is configured with SAML authentication as the verification type, FortiClient will not automatically connect to EMS during installation on unattended or newly provisioned machines.
This is because SAML authentication requires the presence of an end user to manually complete the login process in a browser window to verify their identity. Without this user interaction, the registration cannot be completed.
Solution:
If the FortiClient installation is intended to run without user interaction (for example, on pilot machines, newly provisioned systems, or unattended endpoints), use an invitation code with 'Verification Type: None' instead of SAML. This allows the client to register automatically to EMS without requiring user authentication.
