Sharing Devices

Before you begin

You must have a valid directory service or identity provider connection configured in SOTI MobiControl. SOTI MobiControl uses these credentials to verify which device users can access shared device features. See Identity Management for help setting up these connections.

To present terms and conditions to your device users when they log into a shared device, upload terms and conditions to SOTI MobiControl before beginning this task.

About this task

The Shared Device advanced configuration enables you to share a device among users and personalize the device to each user as they log in. This multi-user functionality creates a set of interchangeable devices that are equally and immediately useful to any authorized user who picks one up.

Tip: See Configuring Shared Device for videos detailing how to configure Shared Devices.

Shared Device is only supported on Android (with a SOTI MobiControl Device Agent of 13.7.0 or later) and iOS devices.

This section has the following topics:

To set up Shared Device on your devices:

Procedure

  1. Create and organize your device groups to capitalize on Shared Device functionality.
    The Shared Device feature gets applied at the device group level and all its subgroups (unless otherwise specified). You can set Shared Device to move devices to a nested group with different settings when a user logs into a device. This way, you control which settings or configurations are available depending on the log-in status of the device. You can even choose different device groups depending on the user who logs into the device.

    A basic device group structure might look like this:

    Nested device groups

    Depending on your relocation settings, devices may remain in Warehouse or move to either Warehouse A or Warehouse B.

  2. Apply any rules, settings, or configurations that you want enabled on the main device group or its nested device groups.
    Important: On iOS devices, you must install the SOTI MobiControl Login app to access Shared Device features. Use an app policy to deploy it to devices.
    Tip: Consider adding a Lockdown | Using the Configuration (Android Plus) or Single App Mode (iOS - set to the SOTI MobiControl Login app) profile configuration to the main shared device group. This restricts the functionality of devices for unauthorized users.
  3. In the Devices view, right-click on the device group where you want to apply Shared Device and select Advanced Configurations.
  4. Choose either Android Plus or Apple from the device type dropdown and select Shared Device from the list of Advanced Configurations. You can add both Android and iOS devices within the same group, but you must configure them individually.
  5. In the Shared Device Configuration dialog box, select the Enable Shared Device Configuration option and begin filling in the fields to configure Shared Device.
    Enable Shared Device Select this option to enable the Shared Device advanced configuration.
    Single Sign-on (SSO) authenticator app Choose the type of SSO authentication for the shared device.
    • None
    Do not use SSO authentication.
    • Microsoft Authenticator
    Use Azure AD for SSO authentication.
    • Imprivata MDA
    Use Imprivata MDA for SSO authentication.
    Add Groups
    • Directory Service
    • Identity Provider

    Select the to select either a Directory Services or an Identity Provider connection from the dropdown list. If you have not configured a directory service or IdP, you can set up a new connection by selecting Manage Directories. Refer to Identity Management for instructions on how to associate your identity management system with SOTI MobiControl.

    User Group Mapping Use this table to map user groups to the device groups they'll move into once a user from that user group logs into the device. You can map each user group to a different destination device group with different terms and conditions.

    For example, you can specify that the devices logged into by users in the IT user group should move to Group B upon login. Group B has lockdown and some feature control options configured. Then, specify that users in the Sales user group should move to Group C upon login. Group C has lockdown and VPN profile configurations applied and a more frequent check in schedule.

    Choose a terms and conditions document from the dropdown list.

    Log out automatically after a set period Enable this option to log out a user after a set period.
    Log out automatically when inactive Enable this option to log out a user after a device is inactive for a set period.
    Relocate device back to home device group on logout Enable this option to send the device back to its original group once the device user logs out. Settings and configurations specific to the destination group get replaced by those of the home group.
    Execute script on logout Enable this option to execute a script when the shared device logs out. For the Script type, you can choose from:
    • Legacy
    • JavaScript
    You can also select the Manage Scripts to add/edit/delete a script. See Manage Scripts for details. From the dropdown menu beside Execute Script, choose a script to use. Preview the script to confirm its contents.
    Manage app data on logout Enable this option to clear or retain app data for all applications or for specific ones when a device user logs out of Shared Device mode.
    Primary tab options:
    • Clear data: clears app data for the apps
    • Retain data: retains data for the apps
    Secondary tab options:
    • All apps: Clears or retains data for all apps applied on the group that the device belongs to.
    • Specific apps: Clears or retains data for specific apps configured by the user.
    Note: Email account data is always cleared regardless of these settings.
    See Manage App Data On Shared Device Logout for more information.
    Disable device passcode when user logs out Enable this option to clear the passcode from the device once the device user logs out.
    Note: This option is only supported on iOS devices or Samsung devices running Android 7.0 or later.
  6. Use the up and down arrows to reorder the user group mappings. SOTI MobiControl evaluates user acceptance to each group in the order they appear in the list.
  7. Select OK to save your settings for Shared Device and apply it to your devices.

Results

Shared device is now enabled on your devices. Your device users log in with their directory service or IdP accounts and configure the device to their requirements.

Tip: Use Searching With Properties queries to target devices based on their shared devices status. Applicable device properties include: Shared Device Current User, Shared Device Current User Status, and Shared Device Last User. You can also search for the error states listed in Shared Device Error States.

You can also generate reports based on shared device users or shared device terms and conditions.