How do you manage your user devices currently? You said you don't have an on-prem DC, so does this mean you have a DC in Azure maybe? Are you maybe using an MDM like Intune or AirWatch, etc.? You can deploy the certificate to your devices via your MDM.
The question I asked arises because before buying FortiGate I had Palo Alto, and with GlobalProtect you had the opportunity to push the deep-inspection certificate directly from GlobalProtect, so I thought that on the Fortinet side there was a similar system that did not require an additional application such as EMS.
We don't have a DC; the company is very small and it's not necessary with the current infrastructure.
Hmmm... someone might come with some other automated GUI way to do this, but if you don't have any form of device management at your disposal, then you will have to rely on yourself or the user to perform this task. The task can be simplified from the user's side of things by use of a script (and this is making some assumptions as you did not say what type of devices you have, so I am going to assume Windows). This gets into the weeds quickly if you are not a scripter, but the idea would be that you have your users run this script (maybe you zip the cert and script up, send it via email with instructions on what to do, etc.) and it installs the certificate into the correct cert store on their computer. You can do a simple Google search for "script to install certificate in trusted root" for example and dive down that rabbit hole.
Note: adding as well to this, you might want to consider some form of MDM for this and future needs of device management. I know you said your org was small. ManageEngine for example offers a free MDM for up to 25 devices. I don't use theirs, but I was just using them as an example due to their free offering. I'm sure others have something similar you could investigate.
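An added example, not part of the original thread, of the kind of install script the reply above describes for Windows. Because a root CA arriving by email is exactly what a user should not trust blindly, it checks the certificate's SHA-256 fingerprint before importing it; the file name `inspection-ca.cer` and the fingerprint value are placeholders the administrator fills in.

```powershell
# Added example: install a deep-inspection CA certificate into the machine's
# Trusted Root store, but only if it matches the fingerprint the admin recorded.
# File name and fingerprint below are placeholders, not values from the thread.
param(
    [string]$CertPath = (Join-Path $PSScriptRoot 'inspection-ca.cer'),
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-OF-YOUR-CA-CERT>'
)
$ErrorActionPreference = 'Stop'

# Writing to Cert:\LocalMachine\Root requires administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Hash the DER encoding so PEM and DER copies of the file give the same result.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$actual   = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[:\s-]', '').ToUpperInvariant()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch: expected $expected, file has $actual. Nothing installed."
}

# Refuse anything that is not a CA certificate or has already expired.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'The file is not a CA certificate. Nothing installed.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate expired on $($cert.NotAfter). Nothing installed."
}

# Skip the import if this exact certificate is already trusted.
if (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)") {
    Write-Host "Already installed: $($cert.Subject)"
} else {
    Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    Write-Host "Installed $($cert.Subject) (SHA-256 $actual) into LocalMachine\Root."
}
```

Give users the expected fingerprint through a different channel than the one carrying the zip, so a tampered attachment cannot also supply its own matching value.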