Built-in User Management

You can add users and groups to the SOTI MobiControl console, and perform a variety of user management tasks on them. For example, you can create new users, groups, and roles, set missions, and track user activity.

In addition to local SOTI MobiControl user accounts, you can add:

  • LDAP and Azure groups and users
  • IdP and SOTI Identity groups

The

This section has the following topics and folders:

Best Practices

You can define permissions (general and device group-specific) for all user management entities - roles, users, and groups. However, the best practice is to:

  1. Define permissions for roles
  2. Assign groups and users to these roles

See The Recommended Workflow.

Editing permissions for an individual group or user often results in convoluted, non-scalable setups because:

  • A user can be a member of one or more groups. A user can have one or more roles. A group can have one or more roles.
  • Tracking the origin of a given permission for a given user can be complex. This is especially true in older environments that have evolved over time, and in environments with elaborate LDAP setups.
  • When an individual user has more than one set of assigned permissions, SOTI MobiControl applies the "Deny" setting. This also applies to permissions inherited from groups and/or roles.
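
The following added example (not SOTI MobiControl code and not taken from the product) models why tracing a permission's origin gets complicated once users, groups, and roles each carry their own settings. It assumes that any "Deny" among a user's sources overrides every "Allow"; all user, group, role, and permission names are hypothetical, and the data is constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names, not exported from a real console).
ROLE_PERMS = {
    "Helpdesk": {"ViewDevices": "Allow", "WipeDevice": "Deny"},
    "SiteAdmin": {"ViewDevices": "Allow", "WipeDevice": "Allow"},
}
GROUP_ROLES = {"EMEA-Support": ["Helpdesk"], "Warehouse-Admins": ["SiteAdmin"]}
GROUP_PERMS = {"EMEA-Support": {"RemoteControl": "Allow"}}  # edited on the group itself
USER_GROUPS = {"alice": ["EMEA-Support", "Warehouse-Admins"], "bob": ["EMEA-Support"]}
USER_ROLES = {"alice": [], "bob": []}
USER_PERMS = {"alice": {"RemoteControl": "Deny"}}  # edited on the user itself


def permission_sources(user):
    """Return {permission: [(setting, origin), ...]} for every path reaching the user."""
    found = defaultdict(list)

    def add(perms, origin):
        for name, setting in perms.items():
            found[name].append((setting, origin))

    add(USER_PERMS.get(user, {}), f"user:{user}")
    for role in USER_ROLES.get(user, []):
        add(ROLE_PERMS.get(role, {}), f"role:{role}")
    for group in USER_GROUPS.get(user, []):
        add(GROUP_PERMS.get(group, {}), f"group:{group}")
        for role in GROUP_ROLES.get(group, []):
            add(ROLE_PERMS.get(role, {}), f"group:{group}>role:{role}")
    return dict(found)


def effective_permissions(user):
    """Resolve each permission under the assumed rule: any Deny wins over Allow."""
    result = {}
    for name, entries in permission_sources(user).items():
        settings = {setting for setting, _ in entries}
        result[name] = {
            "effective": "Deny" if "Deny" in settings else "Allow",
            "conflict": len(settings) > 1,  # sources disagree: worth an audit
            "sources": entries,
        }
    return result


if __name__ == "__main__":
    for perm, info in sorted(effective_permissions("alice").items()):
        print(f"{perm}: {info['effective']}{' (conflict)' if info['conflict'] else ''}")
        for setting, origin in info["sources"]:
            print(f"    {setting:5} via {origin}")
```

In this model, every permission flagged as a conflict is one where a per-user or per-group edit, or overlapping role membership, changed the outcome, which is the audit burden that role-only permission definitions avoid.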

Access Control Policies

After you have set up users, groups, and roles in SOTI MobiControl, you can change the default access control settings for the SOTI MobiControl console. Enforce console security by specifying the terms of how users access the console. Access control policies include setting a limit for failed login attempts, enforcing password complexity requirements, and allowing (or disallowing) users to change or reset their own passwords.