Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
Managing Devices
Enrolling Devices
Adding Apple Devices
Adding iOS Devices
iOS Enrollment Types
User-based Enrollment for iOS Devices
Using Account-driven User Enrollment
Account-driven user enrollment streamlines Bring Your Own Device (BYOD) setup and management. Users no longer need to download and install enrollment profiles manually. Instead, they sign in directly on their device with a Managed Apple ID or a federated Apple Business Manager (ABM) account.

Welcome to SOTI MobiControl 2025.0 Help
SOTI MobiControl is an enterprise mobile management solution dedicated to helping you manage your enterprise devices. Use SOTI MobiControl Help to learn about all the features available through SOTI MobiControl.
What's New in SOTI MobiControl
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Managing Users
- Managing Devices
  - Managing Android Enrollment Policies
  - Managing Device Enrollment Rules
  - Enrolling Devices
    - Device Agents
    - Adding Android Plus Devices
    - Adding Apple Devices
      - Using the Apple Push Notification Service
      - Adding iOS Devices
        Apple Enterprise Network Requirements for SOTI MobiControl
        iOS Enrollment Types
        Device-based Enrollment for iOS Devices
        User-based Enrollment for iOS Devices
        Enrolling iOS Devices Using Federated Enrollment
        Using Account-driven User Enrollment
        Account-driven user enrollment streamlines Bring Your Own Device (BYOD) setup and management. Users no longer need to download and install enrollment profiles manually. Instead, they sign in directly on their device with a Managed Apple ID or a federated Apple Business Manager (ABM) account.
        Creating an iOS Enrollment Policy
        Enrolling iOS Devices Using the SOTI Enrollment Service
      - Adding macOS Devices
      - Adding tvOS Devices
      - Manually Renewing MDM Profiles for Apple Devices
      - Using Apple Automated Device Enrollment
    - Adding ChromeOS Devices
    - Adding Linux Devices
    - Adding Windows Devices
    - Using SOTI MobiControl Stage
    - Branding the Enrollment Page
    - Using Unified Enrollment
    - Defining Re-Enrollment Rules
  - Renaming Devices
  - Device Compliance Policies
  - Viewing Device Information
    View device information that SOTI MobiControl tracks in its device information panels. Including device status information (battery level, connectivity), applied policies and configurations, installed applications, device location, and more.
  - Grouping Devices
  - Updating Devices
  - Using Signal Policies
  - Sending Messages to Devices
  - Sharing Devices
  - Using SHA-1 and SHA-2 Certificates on the Same Deployment Server
  - Removing Devices
- Managing Configurations
- Managing Applications
- Managing Data
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
SOTI Cloud Link
Glossary
Notices

Using Account-driven User Enrollment

Account-driven user enrollment streamlines Bring Your Own Device (BYOD) setup and management. Users no longer need to download and install enrollment profiles manually. Instead, they sign in directly on their device with a Managed Apple ID or a federated Apple Business Manager (ABM) account.

Before you begin

Important: Use account-driven user enrollment on devices running iOS 17 or later or iPadOS 17 or later. Devices on iOS 18 or later or iPadOS 18 or later must use account-driven enrollment (the SOTI Enrollment service is not supported). Devices on iOS 16 or earlier and iPadOS 16 or earlier must use the SOTI Enrollment service.

SOTI MobiControl version 2025.0.1 or later
Apple devices running iOS 17 or later, or iPadOS 17 or later
Managed Apple IDs or enterprise accounts federated in Apple Business Manager (ABM)

Account-driven enrollment involves:

Configuring the Discovery Service

Procedure

Create a user-based iOS enrollment policy with Account-driven enrollment enabled. See Creating an iOS Enrollment Policy.

Select Download JSON in the created enrollment policy to download the .JSON registration file.

Selecting Download JSON to download the JSON registration file.

//example JSON registration file content

{
  "Servers": [
    {
      "Version": "mdm-byod",
      "BaseURL": "https://<your-mobicontrol-server>/appleenrollment/userenroll.mobileconfig"
    }
  ]
}

Host the .JSON file at a well-known endpoint in your enterprise’s service discovery system. For example, a GET request to https://acme.com/.well-known/com.apple.remotemanagement should return the JSON object containing your SOTI MobiControl enrollment base URL.

Enrolling Your Apple Device

Procedure

On the device, navigate to Settings > General > VPN & Device Management.
Select Sign In to Work or School Account.
When prompted, enter your Managed Apple ID or federated user account. The device uses this account to find the correct enrollment URL from the com.apple.remotemanagement domain.
Enter your organizational username and password to authenticate.
After successful authentication, the device automatically receives the enrollment profile. Follow any on-screen instructions to complete enrollment.
If required, authenticate again to complete the device configuration.

Results

After enrollment, the device applies managed apps and profiles. Check the device details in SOTI MobiControl to confirm that the user account is linked successfully.