Editing a Directory Service Connection

About this task

This procedure applies to both on-premises and Azure directory service connections.

To modify a directory service connection:

Procedure

  1. Select Global Settings from the main menu.
  2. Do one of the following:
    • From the Settings tree on the left, select Services > Directory to display the Directory dialog box (see Directory).
    • From the Settings tree on the left, select Console Settings > Authentication Options to display the Authentication Options page (see Authentication Options). Under Authentication Type, select MobiControl. Click Manage Directories to open the Directory dialog box (see Directory).
  3. In the LDAP Directories or Azure Directories dialog box, click the name of the connection you want to edit.
  4. If you selected an LDAP connection, edit the on-prem-relevant fields, starting with the Connection Details section:
    Name Enter a name for the LDAP connection. This name is used for reference only.
    Server Type Select the LDAP server type. The server type will decide what default search attributes will be used. Select one of:
    • Active Directory
    • Open Directory
    • Domino
    • Other LDAP
    Server Address Enter the hostname or IP address of the LDAP server and the connection port. The default port is 389. If using SSL, the port is 636. The port can be any value if it matches server's settings.
    Use SSL Turn the toggle on to make SOTI MobiControl secure the LDAP communication over a Secure Sockets Layer (SSL) tunnel.
    Accept Untrusted Certificates Turn the toggle on to allow SSL connections to use Untrusted Certificates, which in most cases are self-signed CA root certificates. It's not recommended to enable this in a production environment.
    Authentication Type Choose how to make a connection to the server. The authentication type should match the server's settings:
    • Anonymous - the connection should be made without passing credentials
    • Basic - basic authentication should be used on the connection
    • Negotiate - Microsoft Negotiate authentication should be used on the connection
    Username Enter the user name used for binding to the connection when the Authentication Type is Basic or Negotiate.
    Password Enter the password of the binding user.
    Base DN (Distinguished Name) Enter the top level of the LDAP directory tree is the base, referred to as the "base DN." This option is to define the highest level of the LDAP search scope, a.k.a. RootContainer.
    Follow Referrals Turn on the toggle to allow the binding server and the referral servers listed in the search response to be searched.
    Follow Static Referrals Turn on the toggle to allow the binding server, the referral servers, and the servers in the static referral server list to be searched.
    Cloud Link Agent Select a configured Cloud Link Agent from the dropdown list to use this directory service connection for console authentication and device enrollment on cloud environments.
  5. If you selected an Azure connection, edit the Azure-relevant fields, starting with the Connection Details section:
    Name Enter the name of the new connection.
    Azure Graph API Address Enter the service root for the Graph API request.

    The default address is https://graph.windows.net.

    Azure Tenant ID Click the + icon to display the Azure Tenant pane, where you configure new tenants.
    Azure Application The MDM associated with the Tenant ID.
  6. Click Save.