Built-in User Management

SOTI MobiControl allows you to add users and groups to the console and perform a variety of user management tasks on them, including creating new users, groups, and roles, as well as setting permissions and tracking user activity.

In addition to local SOTI MobiControl user accounts, you can add:

  • LDAP and Azure groups and users
  • IdP and SOTI Identity groups


This section contains the following topics and folders:

Best Practices

You can define permissions (general and device group-specific) for all user management entities - roles, users, and groups. However, the best practice is to:

  1. Define permissions for roles
  2. Assign groups and users to these roles

See The Recommended Workflow.

Editing permission for a group or user often results in a convoluted, non-scalable setups because:

  • A user can be a member of one or more groups. A user can have one or more roles. A group can have one or more roles.
  • Tracking the origin of a given permission for a given user can be rather complex, especially in older environments that have evolved over time, as well as in those environments with elaborate LDAP setups.
  • When more than one set of permissions are assigned to a user individually and via inheritance from group(s) and/or role(s), SOTI MobiControl applies the most restrictive setting (i.e., "Deny").

Access Control Policies

After you have set up users, groups, and roles in SOTI MobiControl, you can change the default access control settings for the SOTI MobiControl console. Maintain console security by specifying the terms of how users access the console. Access control policies include setting a limit for failed login attempts, enforcing password complexity requirements, and allowing (or disallowing) users to change or reset their own passwords.