Glossary

A SOTI MobiControl console user with full permission to manage the SOTI MobiControl system.

A theoretical buffer, measured in meters, encircling a mobile device that defines a margin of error for its actual GPS location. For reference, the device location is the centre of the circle, although it could actually be anywhere within the radius. When the GPS signal is strong, the radius of the circle is small. When the signal is weak, the radius of the circle is larger.

Automated Device Enrollment. Use ADE to automate Mobile Device Management (MDM) enrollment and simplify initial device setup. You can supervise devices during activation without touching them and lock MDM enrollment for ongoing management.

Application Programming Interface. Application can refer to any software package. Interface refers to the exchange of information and services between two applications. API documentation describes how developers can utilise the interface.

Refers to applying configurations to, or installing applications on, a device. For example, you assign rules, profiles and packages to devices.

Bring Your Own Device. BYOD is a device management setup where an enterprise manages work data on a user's personal device.

The main interface SOTI MobiControl administrators or technicians use to manage devices.

Devices check in when they connect to the SOTI MobiControl deployment server to relay device status or retrieve updates to device management settings.

A container is a device partition dedicated to work data and applications. Content in the container is not shared with the rest of the device.

Corporate Owned, Personally Enabled. COPE devices are primarily secured and configured for work use; however, users can use them for personal purposes.

Corporate Owned, Single Use. COSU devices have multiple users and serve a single purpose, such as a point of sale or inventory tracking device.

A deployment is a set of devices whose configurations and applications your organization manages via SOTI MobiControl.

A device is a general term for any electronic apparatus manageable by SOTI MobiControl. Examples include smartphones, tablets, desktop computers, and rugged handheld computers.

A device agent is a SOTI application installed on a device that grants SOTI MobiControl device management capabilities.

A SOTI MobiControl-specific term that groups devices based on similarities such as operating systems or manufacturers.

A SOTI MobiControl-specific term that groups similar devices. Device management capabilities are often determined at the device platform level. There may also be sub-platform groupings within a device platform.

Refers to the user operating the physical device.

Erase all Content and Settings (EACS) is an optimized method to erase applications, data, and settings from macOS devices without removing the operating system. Requires: macOS Monterey (or later) on a Mac with Apple silicon or the Apple T2 Security Chip.

Enterprise Java Beans Certificate Authority (EJBCA) is an open-source certificate authority software developed in Java. Organizations use it to establish a public key infrastructure (PKI) to issue and manage digital certificates.

EJBCA is licensed under the Lesser General Public License (LGPL) and is maintained by PrimeKey Solutions AB.

• Official EJBCA website: https://www.ejbca.org/
• EJBCA documentation: https://www.ejbca.org/docs/
• EJBCA on GitHub: https://github.com/ejbca/ejbca
• PrimeKey Solutions AB website: https://www.primekey.com/

Enterprise Mobility Management. The technology and processes necessary for managing devices in an enterprise context.

The term describes a device grought under SOTI MobiControl management. Until you enroll a device in SOTI MobiControl, you cannot change its settings using SOTI MobiControl.

Enrollment over Secure Transport (EST) is a certificate enrollment protocol that enables secure issuance and management of digital certificates for network devices and endpoints.

Exclusion zones are virtual geographic boundaries. Exclusion zones can be as large or small as necessary and manipulated to cover any space.

Fully Qualified Domain Name (FQDN) refers to a complete and unique address. The address specifies the exact location of a domain within the hierarchical structure of the Internet, including the top-level domain, domain name, and subdomains, if applicable.

Geofences are virtual geographic boundaries. Geofences can be as large or small as necessary and manipulated to cover any space. When a device enters or exits a geofence area, SOTI MobiControl notifies you and performs a predefined action, such as sending a message or blocking access to certain services.

A single installation of SOTI MobiControl. An instance of SOTI MobiControl can have multiple deployment servers or management servers.

A Key Distribution Center (KDC) is the part of the Kerberos authentication protocol. It is responsible for issuing and managing authentication tickets used to verify user identities and provide secure access to network resources. The KDC has two parts: the Authentication Server (AS) and the Ticket-Granting Server (TGS). When a user requests access to a network resource, the KDC generates an authentication ticket. The ticket has a session key that encrypts and decrypts network traffic between the user and the resource.

A method that restricts a device to a limited number of applications for a specific use or purpose.

Lightweight Directory Access Protocol (LDAP) is an open source protocol for accessing and maintaining directory information services. It provides a way to organize, query, and manage distributed directory information such as user accounts, network resources, and organizational structures.

A method that restricts a device to a limited number of applications for a specific use or purpose.

Mobile Application Management (MAM) is the set of techniques and solutions used to secure, deploy, and manage mobile applications across various devices within an organization. It focuses on controlling access, enforcing policies, and ensuring the proper functionality and security of mobile apps.

Microsoft Authentication Library enables you to acquire tokens from sure Active Directory to access protected web APIs (Microsoft APIs or apps registered with Azure AD.

Mobile Device Management. Software used to manage devices from a central location.

Original Equipment Manufacturer. In SOTI MobiControl documentation, it is typically used in the context of Android Plus to highlight variations in devices due to manufacturer differences.

It is also used to distinguish between Android devices that use Android's native work features (Android Enterprise) and those that do not (OEM). In this usage, it is also referred to as Android Classic.

Public Key Cryptography for Initial Authentication (PKINIT) extends the Kerberos authentication protocol enabling public key cryptography for initial authentication, instead of relying solely on passwords. With PKINIT, a client can authenticate to a Key Distribution Center (KDC) using a public key certificate, which is signed by a trusted certificate authority. PKINIT provides increased security compared to traditional password-based authentication because it protects against attacks like password guessing, replay attacks, and eavesdropping. PKINIT is used in environments that require strong authentication, such as in government and enterprise settings.

A Provisioning Package (PPKG) is a file containing configuration settings used as a standard when distributed to Windows Modern devices. Settings can include applications, network configurations, restrictions, and security policies.

To send a change to a device, such as a new device setting, script, or application.

An SSID is a unique name that identifies a wireless network. Client devices use it to identify and join wireless networks. It can be up to 32 characters long and permits letters, numbers, and special characters.

iOS specific. Supervised iOS devices give greater device management capabilities. You must set up Supervision before activating the device.

A SOTI MobiControl user who performs the day-to-day tasks of managing devices. A technician's permissions are usually more limited than the administrator's, especially regarding SOTI MobiControl system settings.

A Ticket Granting Ticket (TGT) is an encrypted ticket issued by the Key Distribution Center (KDC) in the Kerberos authentication protocol. The client obtains the TGT during the initial authentication process with the KDC and uses it to request service tickets from the KDC to access network resources. The TGT contains the client's identity, a timestamp, and a session key used to encrypt and decrypt network traffic between the client and the network resource. Once the client obtains the TGT, they can request service tickets for specific network resources without re-entering their authentication credentials.

Unified Endpoint Management (UEM) integrates and extends MDM management capabilities to include other endpoints like laptops, desktops, and IoT devices. It provides a unified platform for managing and securing various devices within an organization.

Typically refers to the SOTI MobiControl administrator or console user, not the device user.