Authenticating SOTI MobiControl to Azure AD

Before you begin

You must have a Microsoft Azure account to authenticate SOTI MobiControl to Azure AD.

About this task

You can use Azure directory service connections in SOTI MobiControl for Windows Modern device enrollment.

Note: As a third-party procedure, this process is subject to change without notice. See Microsoft Azure documentation for the most current information.

A SAML token can contain at most 150 groups. For more information on this limitation, see "Configure group claims for applications by using Azure Active Directory" in the Microsoft Azure documentation.

To add an Azure directory service connection:


  1. In the Azure Management Portal, add a new 'On-premises MDM application' from the gallery.
  2. Configure the application with the following settings:
    APP ID URI: https://DMA
    MDM Discovery URL: https://DMA/FederatedEnrollment/Discovery.svc
    MDM Terms of Use URL: https://DMA/FederatedEnrollment/TermsOfUse.svc/TermsOfUse

    In these values, DMA is the Device Management Address of your SOTI MobiControl instance (found under Global Settings on the Servers tab).

  3. Configure permissions for the application.
  4. Find and copy the metadata URI of the application (generally found in the App Endpoints section).
    You will need the metadata URI when you integrate your Azure directory service groups with SOTI MobiControl.


SOTI MobiControl is now authenticated with Azure AD. You can now add an Azure connection to SOTI MobiControl.
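
The 150-group SAML limit noted under "About this task" can be checked on a captured assertion. The following is an added example, not SOTI or Microsoft code: it counts the group claims in a SAML 2.0 assertion and reports when Azure AD has replaced the group list with a link claim because the user exceeded the limit. Assumptions: the assertion's signature has already been validated elsewhere, the application uses Azure AD's default claim names (taken from Microsoft's documentation, not from this page), and the sample assertions are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD default claim names (from Microsoft's documentation, not this page).
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link"
SAML_GROUP_LIMIT = 150  # limit stated on this page


def group_claim_status(assertion_xml):
    """Summarise the group claims of one already-validated SAML 2.0 assertion."""
    # SAML never needs a DTD; refuse one so entity tricks cannot reach the parser.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD or entity declaration in assertion")
    root = ET.fromstring(assertion_xml)
    groups, overage = set(), False
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name")
        if name == GROUPS:
            for value in attr.findall("saml:AttributeValue", NS):
                if value.text and value.text.strip():
                    groups.add(value.text.strip())
        elif name == GROUPS_LINK:
            overage = True  # group list was replaced by a lookup link
    status = "overage" if overage else ("ok" if groups else "none")
    return {"status": status, "groups": len(groups),
            "headroom": 0 if overage else SAML_GROUP_LIMIT - len(groups)}


def sample_assertion(claims):
    """Constructed, unsigned assertion for the demo; claims maps name -> values."""
    attrs = "".join(
        '<Attribute Name="%s">%s</Attribute>' % (
            name, "".join("<AttributeValue>%s</AttributeValue>" % v for v in vals))
        for name, vals in claims.items())
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<AttributeStatement>%s</AttributeStatement></Assertion>" % attrs)


if __name__ == "__main__":
    # Constructed inputs: three placeholder group IDs, then an overage token.
    few = sample_assertion({GROUPS: ["group-id-%d" % i for i in range(3)]})
    over = sample_assertion({GROUPS_LINK: ["https://graph.example.invalid/placeholder"]})
    for label, xml in (("few groups", few), ("overage", over)):
        print(label, group_claim_status(xml))
```

An `overage` result means the token carries no group list, so any group-based decision for that user has to come from a directory lookup rather than from the token.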