Managing Identity Provider Connections

Using a SAML 2.0 identity provider (IdP) allows administrators to consolidate identity information outside of individual applications. Certificates establish trust between SOTI MobiControl and the IdP, so that SOTI MobiControl can rely on signed security assertions from the IdP to grant users access to SOTI MobiControl resources. Once this is configured, instead of authenticating at the SOTI MobiControl login page, users are redirected to their IdP, where they authenticate or, if they have already done so, are redirected back to the SOTI MobiControl console for a single sign-on experience. You can also use an IdP for other SOTI MobiControl endpoints, such as the Self Service Portal or the iOS Profile Catalog.

SOTI MobiControl supports IdPs that use SAML 2.0 for authentication. Authorization can come directly from the IdP, if configured, or from a secondary lookup via LDAP or Azure directory services. Note, however, that if you use the IdP directly for authenticating users, SOTI MobiControl cannot regularly query the IdP for updated user information, as it can when using a directory service connection.

Note: You can upload and manage third-party certificates in SOTI MobiControl to secure communication between SOTI MobiControl and the IdP. Certificates are managed through the SOTI MobiControl Administration Utility. See SOTI MobiControl Administration for more information.