Home
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
Managing Devices
Sharing Devices
Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator
You can use Microsoft Authenticator for single sign-on (SSO) to applications supporting Microsoft Authentication Library (MSAL) on shared devices.
Configuring Lockdown for Shared Devices

Welcome to SOTI MobiControl 2024.1 Help
SOTI MobiControl is an enterprise mobile management solution dedicated to helping you manage your enterprise devices. Use SOTI MobiControl Help to learn about all the features available through SOTI MobiControl.
What's New in SOTI MobiControl Help
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
- SOTI MobiControl Installation
- SOTI MobiControl Activation
- SOTI MobiControl Upgrades
- Uninstalling SOTI MobiControl
- Uninstalling SOTI MobiControl Device Agents
- Setup Reference
- About the SOTI MobiControl Console
- Managing Users
- Managing Devices
  - Managing Android Enrollment Policies
  - Managing Device Enrollment Rules
  - Enrolling Devices
  - Renaming Devices
  - Device Compliance Policies
  - Viewing Device Information
  - Grouping Devices
  - Updating Devices
  - Using Signal Policies to Monitor Devices and Servers
  - Sending Messages to Devices
  - Sharing Devices
    - Configuring Shared Device
    - Configuring Imprivata MDA as App Authenticator
      This procedure describes how to use Imprivata MDA as your app authenticator.
    - Logging into Android Plus Shared Devices
    - Logging into iOS Shared Devices
    - Logging Out Shared Devices
    - Shared iPad for Business
    - Troubleshooting Shared Devices
    - Shared Device Error States
    - Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator
      You can use Microsoft Authenticator for single sign-on (SSO) to applications supporting Microsoft Authentication Library (MSAL) on shared devices.
      - Assigning User Licenses In Microsoft Entra ID/Azure AD
        This procedure describes how to assign licenses in Microsoft Entra ID/Azure AD for use with Single Sign On (SSO) using Microsoft Authenticator.
      - Microsoft 365 Conditional Access Integration and Configure Compliance Partner Endpoint
      - Add Azure Directory
      - Android Device Enrollment
      - Assigning a Profile
        To enable account creation on a device, install a feature control payload before assigning an app policy. The feature control payload must be correctly installed on the device and not impacted by other profiles.
      - App Policy
        Install the Authenticator app from the app policy and set all necessary advanced configurations.
      - SSO Group Level Configuration
      - Log In With Single Sign-on
      - Log Out With Single Sign-on
      - Configuring Lockdown for Shared Devices
        Creating the Before Login Lockdown Profile for the Parent Device Group
        Creating After Login Working Profiles (with Logout Action) for Child Device Groups
  - Using SHA-1 and SHA-2 Certificates on the Same Deployment Server
  - Removing Devices
- Managing Configurations
- Managing Applications
- Managing Data
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Packages
This section provides information about how to use SOTI MobiControl and Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
SOTI Cloud Link
Glossary
Notices

Configuring Lockdown for Shared Devices

Device lockdown for shared devices replaces the standard device home screen with a customizable one that restricts access to only authorized applications and websites.

Note: Before configuring the lockdown feature for shared devices, you must complete all activities to establish Single Sign-on (SSO) with Microsoft Authenticator. See Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator.

Lockdown for shared devices using Microsoft Authenticator and Single Sign-on (SSO) requires two lockdown profiles:

Login profile—Create the login profile at the parent level of a device group. Its primary purpose is to give users a login button to invoke sign-on through the Microsoft Authenticator.
Working profile with logout—The working profile has the day-to-day apps specific to each child device group. It includes a logout button to exit the session. This profile is active once a user signs in under the login profile. The profile's apps include those requiring authentication from the Microsoft Authenticator to operate.

In the following image, My Company is the parent device group. The child device groups are Management Devices, Sales Devices, and Warehouse Devices.

Parent-child hierarchy of device groups

Complete the following procedures to configure the lockdown feature: