Built-in User Management
You can add users and groups to the SOTI MobiControl console, and perform a variety of user management tasks on them. For example, you can create new users, groups, and roles, set missions, and track user activity.
In addition to local SOTI MobiControl user accounts, you can add:
- LDAP and Azure groups and users
- IdP and SOTI Identity groups
The
This section has the following topics and folders:
- The Recommended Workflow
- Creating Roles
- Renaming Roles
- Creating Users
- Assigning Users to Roles
- Editing Users
- Locking Users
- Locking Multiple Users
- Unlocking Users
- Unlocking Multiple Users
- Removing Users from a Role
- Adding Groups
- Assigning Groups to Roles
- Editing Groups
- Removing Groups from a Role
- Defining General Permissions
- General Permissions
- Defining Permissions Based on a Device Group
- Device Group Permissions
- Defining Access Permissions
- Resetting Access Permissions
- Viewing User Activity Logs
- Deleting Users, Groups, and Roles
Best Practices
You can define permissions (general and device group-specific) for all user management entities - roles, users, and groups. However, the best practice is to:
- Define permissions for roles
- Assign groups and users to these roles
Editing permission for a group or user often results in a convoluted, non-scalable setups because:
- A user can be a member of one or more groups. A user can have one or more roles. A group can have one or more roles.
- Tracking the origin of a given permission for a given user can be complex. This is especially true in older environments that have evolved over time, and in environments with elaborate LDAP setups.
- Individual users with more than one set of assigned permissions have the "Deny" setting applied by SOTI MobiControl. This also applies to inheritance from group(s) and/or role(s).
Access Control Policies
After you have set up users, groups, and roles in SOTI MobiControl, you can change the default access control settings for the SOTI MobiControl console. Enforce console security by specifying the terms of how users access the console. Access control policies include setting a limit for failed login attempts, enforcing password complexity requirements, and allowing (or disallowing) users to change or reset their own passwords.