Built-in User Management
SOTI MobiControl allows you to add users and groups to the console and perform a variety of user management tasks on them, including creating new users, groups, and roles, as well as setting permissions and tracking user activity.
In addition to local SOTI MobiControl user accounts, you can add:
- LDAP and Azure groups and users
- IdP and SOTI Identity groups
The
This section contains the following topics and folders:
- The Recommended Workflow
- Creating Roles
- Renaming Roles
- Creating Users
- Assigning Users to Roles
- Editing Users
- Locking Users
- Locking Multiple Users
- Unlocking Users
- Unlocking Multiple Users
- Removing Users from a Role
- Adding Groups
- Assigning Groups to Roles
- Editing Groups
- Removing Groups from a Role
- Defining General Permissions
- General Permissions
- Defining Permissions Based on a Device Group
- Device Group Permissions
- Defining Access Permissions
- Resetting Access Permissions
- Viewing User Activity Logs
- Deleting Users, Groups, and Roles
Best Practices
You can define permissions (general and device group-specific) for all user management entities - roles, users, and groups. However, the best practice is to:
- Define permissions for roles
- Assign groups and users to these roles
Editing permission for a group or user often results in a convoluted, non-scalable setups because:
- A user can be a member of one or more groups. A user can have one or more roles. A group can have one or more roles.
- Tracking the origin of a given permission for a given user can be rather complex, especially in older environments that have evolved over time, as well as in those environments with elaborate LDAP setups.
- When more than one set of permissions are assigned to a user individually and via inheritance from group(s) and/or role(s), SOTI MobiControl applies the most restrictive setting (i.e., "Deny").
Access Control Policies
After you have set up users, groups, and roles in SOTI MobiControl, you can change the default access control settings for the SOTI MobiControl console. Maintain console security by specifying the terms of how users access the console. Access control policies include setting a limit for failed login attempts, enforcing password complexity requirements, and allowing (or disallowing) users to change or reset their own passwords.