Check if DHCP is enabled on the VLAN interface that is configured as the bridge SSID.

If yes, run the following sniffer command:

   diag sniffer packet <interfacename> 'port 67 or port 68' 4 0 l 

In the above screenshot 'Test1' is the VLAN interface name.

If there is no traffic seen, that means FortiGate is not receiving any discover packet from the client.

If there is any switch in between, and the DHCP offer packet not reaching to client then check if DHCP snooping is enabled on the switch.

config switch vlan

    edit <vlan-id>

        set dhcp-snooping enable

If the switch is a FortiSwitch, try to add the FortiGate interface as the trusted interface.

config switch-controller managed-switch 

     edit <FortiSwitch_serial_number> 

       config ports 

           edit <port_name> 

               set dhcp-snooping trusted            {options are 'trusted | untrusted'}

                       next

       end 

     next

  end 

Other possible reasons:

1. For a Bridge mode SSID to work, the VLAN interface must be added to the Allowed VLANs of the switch port, where the FortiAP is connected. Otherwise, the Workstations will not get the DHCP IP, and the traffic will be dropped at the Switch Port.
2. If the AP is connected on a VLAN, do not specify the same VLAN in the bridged SSID (optional vlan) to be broadcasted by the AP.  Traffic on that bridged SSID will already be tagged on the same VLAN as the AP. There is no need to add additional tagging. 

Related article:

Technical Tip: How to bridge a FortiGate WiFi network to a wired network or VLAN network