Sharing Devices
Before you begin
You must have a valid directory service or identity provider connection configured in SOTI MobiControl. SOTI MobiControl uses these credentials to verify which device users can access shared device features. See Identity Management for help setting up these connections.
To present terms and conditions to your device users when they log into a shared device, upload terms and conditions to SOTI MobiControl before beginning this task.
About this task
Shared Device is only supported on Android (with a SOTI MobiControl Device Agent of 13.7.0 or later) and iOS devices.
This section has the following topics:
- Configuring Shared Device
- Configuring Imprivata MDA as App Authenticator
- Logging into Android Plus Shared Devices
- Logging into iOS Shared Devices
- Logging Out Shared Devices
- Shared iPad for Business
- Troubleshooting Shared Devices
- Shared Device Error States
To set up Shared Device on your devices:
Procedure
-
Create and organize your device groups to capitalize on Shared Device functionality.
The Shared Device feature gets applied at the device group level and all its subgroups (unless otherwise specified). You can set Shared Device to move devices to a nested group with different settings when a user logs into a device. This way, you control which settings or configurations are available depending on the log-in status of the device. You can even choose different device groups depending on the user who logs into the device.
A basic device group structure might look like this:
Depending on your relocation settings, devices may remain in Warehouse or move to either Warehouse A or Warehouse B.
-
Apply any rules, settings, or configurations that you want enabled on the main device group or its nested device groups.
Important: On iOS devices, you must install the SOTI MobiControl Login app to access Shared Device features. Use an app policy to deploy it to devices.Tip: Consider adding a Lockdown | Using the Configuration (Android Plus) or Single App Mode (iOS - set to the SOTI MobiControl Login app) profile configuration to the main shared device group. This restricts the functionality of devices for unauthorized users.
- In the Devices view, right-click on the device group where you want to apply Shared Device and select Advanced Configurations.
- Choose either Android Plus or Apple from the device type dropdown and select Shared Device from the list of Advanced Configurations. You can add both Android and iOS devices within the same group, but you must configure them individually.
-
In the Shared Device Configuration dialog box, select the
Enable Shared Device Configuration option and begin
filling in the fields to configure Shared Device.
Enable Shared Device Select this option to enable the Shared Device advanced configuration. Single Sign-on (SSO) authenticator app Choose the type of SSO authentication for the shared device. Do not use SSO authentication. Use Azure AD for SSO authentication. Use Imprivata MDA for SSO authentication. Add Groups - Directory Service
- Identity Provider
Select the to select either a Directory Services or an Identity Provider connection from the dropdown list. If you have not configured a directory service or IdP, you can set up a new connection by selecting Manage Directories. Refer to Identity Management for instructions on how to associate your identity management system with SOTI MobiControl.
User Group Mapping Use this table to map user groups to the device groups they'll move into once a user from that user group logs into the device. You can map each user group to a different destination device group with different terms and conditions. For example, you can specify that the devices logged into by users in the
IT
user group should move toGroup B
upon login. Group B has lockdown and some feature control options configured. Then, specify that users in theSales
user group should move toGroup C
upon login. Group C has lockdown and VPN profile configurations applied and a more frequent check in schedule.Choose a terms and conditions document from the dropdown list.
Log out automatically after a set period Enable this option to log out a user after a set period. Log out automatically when inactive Enable this option to log out a user after a device is inactive for a set period. Relocate device back to home device group on logout Enable this option to send the device back to its original group once the device user logs out. Settings and configurations specific to the destination group get replaced by those of the home group. Execute script on logout Enable this option to execute a script when the shared device logs out. For the Script type, you can choose from: You can also select the Manage Scripts to add/edit/delete a script. See Manage Scripts for details. From the dropdown menu beside Execute Script, choose a script to use. Preview the script to confirm its contents. Manage app data on logout Enable this option to clear or retain app data for all applications or for specific ones when a device user logs out of Shared Device mode. Primary tab options:Secondary tab options:Note: Email account data is always cleared regardless of these settings.See Manage App Data On Shared Device Logout for more information.Disable device passcode when user logs out Enable this option to clear the passcode from the device once the device user logs out. Note: This option is only supported on iOS devices or Samsung devices running Android 7.0 or later. - Use the up and down arrows to reorder the user group mappings. SOTI MobiControl evaluates user acceptance to each group in the order they appear in the list.
- Select OK to save your settings for Shared Device and apply it to your devices.
Results
Shared device is now enabled on your devices. Your device users log in with their directory service or IdP accounts and configure the device to their requirements.
You can also generate reports based on shared device users or shared device terms and conditions.