Re: Prevent students from using both computer, phone and tablet at the same time
auth-concurrent should work. Make sure you haven't overridden those via auth-concurrent on per user or per group level with unlimited setting. Or on the other hand try to override global setting on per user level basis, as per user setting does have precedence over global setting (as it is more specific).
If you want to let them login from authorized devices only, then, besides of implementation of some serious NAC (Network Access Controller), you can also ...
control access on IP level. Only specific IPs from workstations allowed. IPs set statically, no automatic IP assignment to new devices. Weak as one can set his own static IP.
MAC based .. IPs assigned semi-statically by DHCP which will assign IP just to reserved MAC addresses.
Need to enroll MAC addresses to DHCP reservation. Small list can be maintained even by FortiGate. Bigger deployments should use separate DHCP server. IP per MAC assignment is old but still good trick.
Stronger as it's harder to get your MAC enrolled in, weak against misuse and setting IP from expected pool statically.
802.1x port based authentication. Could be for example even EAP-TLS for wired or wifi. Certs and PKI involved and so cert enrollment for users/computers needed. For example FortiAuthenticator, if in place, can let users self-enroll their own device certificates but for set amount of devices, like 1 device only, to limit and have some control over BYOD scenario.
Enrollment can be controlled or even mandate admin approval.
That's more complex scenario and more secure from my point of view.
Tom xSilver, planet Earth, over and out!