Built-in User Management
Use SOTI MobiControl to add users and groups to the console and perform a variety of user management tasks.
This section has the following topics and folders:
- LDAP and Azure groups and users
- IdP and SOTI Identity groups
- The Recommended Workflow
- Creating Roles
- Renaming Roles
- Creating Users
- Assigning Users to Roles
- Editing Users
- Locking Users
- Locking Multiple Users
- Unlocking Users
- Unlocking Multiple Users
- Removing Users from a Role
- Adding Groups
- Assigning Groups to Roles
- Editing Groups
- Removing Groups from a Role
- Defining General Permissions
- General Permissions
- Defining Permissions Based on a Device Group
- Device Group Permissions
- Defining Access Permissions
- Resetting Access Permissions
- Viewing User Activity Logs
- Deleting Users, Groups, and Roles
Best Practices
You can define permissions (general and device group-specific) for all user management entities - roles, users, and groups. However, the best practice is to:
- Define permissions for roles
- Assign groups and users to these roles
Consider the following when editing permissions for a group or user:
- A user can be a member of one or more groups. A user can have one or more roles. A group can have one or more roles.
- Older environments, especially those with elaborate LDAP setups, can make finding the origin of a given permission difficult.
- When more than one set of permissions is assigned to a user, either individually or via inheritance from group(s) and/or role(s), SOTI MobiControl applies the most restrictive setting (i.e., "Deny").
Access Control Policies
After you have set up users, groups, and roles in SOTI MobiControl, you can change the default access control settings for the SOTI MobiControl console. Maintain console security by specifying the terms of how users access the console. Access control policies include setting a limit for failed login attempts, enforcing password complexity requirements, and allowing (or disallowing) users to change or reset their own passwords.