I need to configure our environment for both single and multi-user, domain and workgroup (personal) computers. Ideally we want absolutely no user interaction required for the shared domain PCs, at any point. These are EntraID or hybrid-joined, managed by Intune. They don't need different configuration profiles based on the user login, although we would still want to track who is logged in of course.
However, auto-registration appears to only occur once during initial installation. When another user logs in, FortiClient reverts to being unregistered for that user, requiring them to enter an invite code. I would have thought it would attempt auto registration again and perform SAML user verification automatically, but it does not.
We need to keep the shared devices as free from user interaction as possible, while still securing against rogue installs. Is there a different way to go about this?
@SubjectNamemyolsd.usfirekirin wrote: I need to configure our environment for both single and multi-user, domain and workgroup (personal) computers. Ideally we want absolutely no user interaction required for the shared domain PCs, at any point. These are EntraID or hybrid-joined, managed by Intune. They don't need different configuration profiles based on the user login, although we would still want to track who is logged in of course.
However, auto-registration appears to only occur once during initial installation. When another user logs in, FortiClient reverts to being unregistered for that user, requiring them to enter an invite code. I would have thought it would attempt auto registration again and perform SAML user verification automatically, but it does not.
We need to keep the shared devices as free from user interaction as possible, while still securing against rogue installs. Is there a different way to go about this?
For FortiClient EMS auto-registration on shared computers, the issue arises because auto-registration typically occurs only once during initial installation, and additional users must manually register. To address this, consider configuring FortiClient to run in a system-wide mode where it is registered once and remains active across user sessions.
That sounds like what I need to do. How is that accomplished?
Hello,
I would suggest revising Intune configuration options.
https://docs.fortinet.com/document/forticlient/7.2.0/intune-deployment-guide/776135/configuring-the-...
https://docs.fortinet.com/document/forticlient/7.2.4/ems-administration-guide/470857
https://docs.fortinet.com/document/forticlient/7.2.4/ems-administration-guide/334169
Or alternatively, you can connect your already installed endpoints via FortiESNAC:
"c:\Program Files\Fortinet\FortiClient\FortiESNAC.exe" -r|--register <address/invitation> [-p|--port <port>] [-v|--vdom <site>]
If the verification type is selected as Domain or SAML there will be user interaction one time.
Then, FortiClient will open in connected status unless it has not been disconnected.
Please let me know if that helps.
@Anil_Solakoglu wrote: Hello,
I would suggest revising Intune configuration options.
Revise in what way? I've read these guides and don't see what part may be relevant here. We already do create installers in EMS with auto-registration turned on, and then push that MSI out via Intune.
@Anil_Solakoglu wrote: Or alternatively, you can connect your already installed endpoints via FortiESNAC:
"c:\Program Files\Fortinet\FortiClient\FortiESNAC.exe" -r|--register <address/invitation> [-p|--port <port>] [-v|--vdom <site>]
If the verification type is selected as Domain or SAML there will be user interaction one time.
Then, FortiClient will open in connected status unless it has not been disconnected.
Please let me know if that helps.
Regarding ESNAC, I understand its use... are you suggesting running this command as part of a user logon script, for example? Or does registering it via this method once work for all users?
Is there any way to have non-interactive Domain verification?
Copyright 2024 Fortinet, Inc. All Rights Reserved.