Glossary
administrator
A SOTI MobiControl console user with full permission to manage the
SOTI MobiControl system.
accuracy circle
A theoretical buffer, measured in meters, encircling a mobile device that defines a
margin of error for its actual GPS location. For reference, the device location is the
centre of the circle, although it could actually be anywhere within the radius. When the
GPS signal is strong, the radius of the circle is small. When the signal is weak, the
radius of the circle is larger.
ADE
Automated Device Enrollment. Use ADE to automate Mobile Device Management (MDM)
enrollment and simplify initial device setup. You can supervise devices during
activation without touching them and lock MDM enrollment for ongoing
management.
API
Application Programming Interface. Application can refer to any software package.
Interface refers to the exchange of information and services between two
applications. API documentation describes how developers can utilise the
interface.
assign
Refers to applying configurations to, or installing applications on, a device. For
example, you assign rules, profiles and packages to devices.
BYOD
Bring Your Own Device. BYOD is a device management setup where an enterprise manages
work data on a user's personal device.
console
The main interface SOTI MobiControl administrators or technicians use
to manage devices.
check in
Devices check in when they connect to the SOTI MobiControl deployment
server to relay device status or retrieve updates to device management
settings.
container
A container is a device partition dedicated to work data and applications. Content in
the container is not shared with the rest of the device.
COPE
Corporate Owned, Personally Enabled. COPE devices are primarily secured and configured
for work use; however, users can use them for personal purposes.
COSU
Corporate Owned, Single Use. COSU devices have multiple users and serve a single
purpose, such as a point of sale or inventory tracking device.
deployment
A deployment is a set of devices whose configurations and applications your organization
manages via SOTI MobiControl.
device
A device is a general term for any electronic apparatus manageable by SOTI MobiControl. Examples include smartphones, tablets, desktop computers,
and rugged handheld computers.
device agent
A device agent is a SOTI application installed on a device
that grants SOTI MobiControl device management
capabilities.
device family
A SOTI MobiControl-specific term that groups devices based on
similarities such as operating systems or manufacturers.
device platform
A SOTI MobiControl-specific term that groups similar devices.
Device management capabilities are often determined at the device platform level. There
may also be sub-platform groupings within a device platform.
device user
Refers to the user operating the physical device.
EACS
Erase all Content and Settings (EACS) is an optimized method to erase applications,
data, and settings from macOS devices without removing the operating system. Requires:
macOS Monterey (or later) on a Mac with Apple silicon or the Apple T2 Security
Chip.
EJBCA
Enterprise Java Beans Certificate Authority (EJBCA) is an open-source certificate
authority software developed in Java. Organizations use it to establish a public key
infrastructure (PKI) to issue and manage digital certificates.
EJBCA is licensed under the Lesser General Public License (LGPL) and is maintained by PrimeKey Solutions AB.
- Official EJBCA website: https://www.ejbca.org/
- EJBCA documentation: https://www.ejbca.org/docs/
- EJBCA on GitHub: https://github.com/ejbca/ejbca
- PrimeKey Solutions AB website: https://www.primekey.com/
EMM
Enterprise Mobility Management. The technology and processes necessary for
managing devices in an enterprise context.
enroll
The term describes a device grought under SOTI MobiControl management.
Until you enroll a device in SOTI MobiControl, you cannot change its
settings using SOTI MobiControl.
EST
Enrollment over Secure Transport (EST) is a certificate enrollment protocol that enables secure issuance and management of digital certificates for network devices and endpoints.
exclusion zone
Exclusion zones are virtual geographic boundaries. Exclusion zones can be as large or
small as necessary and manipulated to cover any space.
Fully Qualified Domain Name (FQDN)
Fully Qualified Domain Name (FQDN) refers to a complete and unique address. The address
specifies the exact location of a domain within the hierarchical structure of the
Internet, including the top-level domain, domain name, and subdomains, if
applicable.
Example: www.example.com
- "www" is the subdomain
- "example" is the domain name
- "com" is the top-level domain
geofence
Geofences are virtual geographic boundaries. Geofences can be as large or small as
necessary and manipulated to cover any space. When a device enters or exits a geofence
area, SOTI MobiControl notifies you and performs a predefined action,
such as sending a message or blocking access to certain services.
instance
A single installation of SOTI MobiControl. An instance of
SOTI MobiControl can have multiple deployment servers or
management servers.
KDC
A Key Distribution Center (KDC) is the part of the Kerberos authentication protocol. It
is responsible for issuing and managing authentication tickets used to verify user
identities and provide secure access to network resources. The KDC has two parts: the
Authentication Server (AS) and the Ticket-Granting Server (TGS). When a user requests
access to a network resource, the KDC generates an authentication ticket. The ticket has
a session key that encrypts and decrypts network traffic between the user and the
resource.
kiosk mode
A method that restricts a device to a limited number of applications for a specific use
or purpose.
LDAP
Lightweight Directory Access Protocol (LDAP) is an open source protocol for accessing and maintaining directory information services. It provides a way to organize, query, and manage distributed directory information such as user accounts, network resources, and organizational structures.
lockdown
A method that restricts a device to a limited number of applications for a specific use
or purpose.
MAM
Mobile Application Management (MAM) is the set of techniques and solutions used to
secure, deploy, and manage mobile applications across various devices within an
organization. It focuses on controlling access, enforcing policies, and ensuring the
proper functionality and security of mobile apps.
MSAL
Microsoft Authentication Library enables you to acquire tokens from sure Active Directory to access protected web APIs (Microsoft APIs or apps registered with Azure AD.
MDM
Mobile Device Management. Software used to manage devices from a central
location.
OEM
Original Equipment Manufacturer. In SOTI MobiControl documentation, it
is typically used in the context of Android Plus to highlight variations in devices due
to manufacturer differences.
It is also used to distinguish between Android devices that use Android's native work features (Android Enterprise) and those that do not (OEM). In this usage, it is also referred to as Android Classic.
PKINIT
Public Key Cryptography for Initial Authentication (PKINIT) extends the Kerberos
authentication protocol enabling public key cryptography for initial authentication,
instead of relying solely on passwords. With PKINIT, a client can authenticate to a Key
Distribution Center (KDC) using a public key certificate, which is signed by a trusted
certificate authority. PKINIT provides increased security compared to traditional
password-based authentication because it protects against attacks like password
guessing, replay attacks, and eavesdropping. PKINIT is used in environments that require
strong authentication, such as in government and enterprise settings.
PPKG
A Provisioning Package (PPKG) is a file containing configuration settings used as a
standard when distributed to Windows Modern devices. Settings can include applications,
network configurations, restrictions, and security policies.
push
To send a change to a device, such as a new device setting, script, or
application.
supervised
iOS specific. Supervised iOS devices give greater device management capabilities. You
must set up Supervision before activating the device.
technician
A SOTI MobiControl user who performs the day-to-day tasks of managing
devices. A technician's permissions are usually more limited than the administrator's,
especially regarding SOTI MobiControl system settings.
TGT
A Ticket Granting Ticket (TGT) is an encrypted ticket issued by the Key Distribution
Center (KDC) in the Kerberos authentication protocol. The client obtains the TGT during
the initial authentication process with the KDC and uses it to request service tickets
from the KDC to access network resources. The TGT contains the client's identity, a
timestamp, and a session key used to encrypt and decrypt network traffic between the
client and the network resource. Once the client obtains the TGT, they can request
service tickets for specific network resources without re-entering their authentication
credentials.
UEM
Unified Endpoint Management (UEM) integrates and extends MDM management capabilities to
include other endpoints like laptops, desktops, and IoT devices. It provides a unified
platform for managing and securing various devices within an organization.
user
Typically refers to the SOTI MobiControl administrator or console
user, not the device user.