Directory

Use the Directory dialog box to create or edit on-premises and Azure-based directory connections.

For more information, see:

LDAP Directories and Azure Directories

This pane of the dialog box lists the existing LDAP and Azure directories.

LDAP Directories

LDAP Directories: The list of LDAP directories. This list includes the following columns:
  • Name: The LDAP connection name. Select to open the directory in the LDAP Directories / Connection Details pane for editing.
  • Server Type: The type of the LDAP server.
  • Server Address: The hostname or IP address of the LDAP server and the connection port.
  • Delete: Select the icon to delete the directory.
Add: Select this icon to open the LDAP Directories / Connection Details pane to configure a new directory.

Azure Directories

Azure Directories: The list of Azure directories. This list includes the following columns:
  • Name: The directory name. Select to open the directory in the Azure Directories / Connection Details pane for editing.
  • Tenant ID: The AD tenant's ID.
  • Application: The application associated with the tenant.
  • Delete: Select the icon to delete the directory.
Add: Select this icon to open the Azure Directories / Connection Details pane for configuring a new directory.

LDAP Directories / Connection Details

Name: The name for the LDAP connection. This name is for reference only.
Server Type: Select the LDAP server type. The server type determines which default search attributes to use.

Choose from:

  • Active Directory
  • Open Directory
  • Domino
  • Other LDAP
Server Address: The hostname or IP address of the LDAP server and the connection port. The default port is 389. If using SSL, the port is 636.
Note: The port can be any value that matches the server's settings.
Use SSL: Turn on to make SOTI MobiControl secure the LDAP communication over a Secure Sockets Layer (SSL) tunnel.
Accept Untrusted Certificates: Turn on to allow SSL connections with untrusted certificates (usually self-signed CA root certificates).
Note: Disable this option in a production environment. When untrusted certificates are accepted, the identity of the LDAP server is not verified.
Authentication Type: Choose how to connect to the server. The authentication type should match the server's settings:
  • Anonymous: Make the connection without passing credentials.
  • Basic: Use basic authentication on the connection.
  • Negotiate: Use Microsoft Negotiate authentication on the connection.
Username: The username for binding to the connection when the Authentication Type is Basic or Negotiate.
Password: The password of the binding user.
Base DN (Distinguished Name): The top level of the LDAP directory tree to use as the base (referred to as the "base DN"). This option defines the highest level of the LDAP search scope (also known as the RootContainer).
Follow Referrals: Enables searching of the binding server and the referral servers listed in the search response.
Follow Static Referrals: Enables searching of the binding server, the referral servers, and the servers in the static referral server list.
Cloud Link Agent: Select a configured Cloud Link Agent from the list to use this directory service connection for console authentication and device enrollment on cloud environments.

General Attributes

Object Class: The identifier name of the Object Class, a keyword indicating that this is an objectClass definition (or another type). The default is "objectClass", and an alternative could be "objectCategory".
Object Class Group Attribute: The keyword to define the search filter for group-related searching.
Object Class User Attribute: The keyword to define the search filter for user-related searching.
Default Naming Context: The root DSE attribute for defining the root directory server entry (DSE) for the server instance.

Group Attributes

Identifier 1: The keyword to define the search filter for fetching the group's object Security Identifier (SID).
Identifier 2: The keyword to define the search filter for fetching the group's object Globally Unique Identifier (GUID).
Common Name: The keyword to define the search filter for fetching the common name.
Account Name: The keyword to define the search filter for fetching the account name.
Authentication Search Pattern: The search string for fetching the authentication information.
Member: The keyword to define the search filter for fetching memberships of group attributes.
Nested Group: The keyword to define where the search filter should look when searching groups.

User Attributes

Identifier 1: The keyword to define the search filter for fetching the user's object Security Identifier (SID).
Identifier 2: The keyword to define the search filter for fetching the user's object Globally Unique Identifier (GUID).
Common Name: The keyword to define the search filter for fetching common names.
Account Name: The keyword to define the search filter for fetching account names.
Email: The keyword to define the search filter for fetching user emails.
Authentication Search Pattern: The search string for fetching the authentication information.
Add User Search Pattern: The search string for fetching the add user information.
SSO User Search Pattern: The search string for fetching the SSO user information.
User Principal Name: The keyword to define the search filter for fetching user principal names.
Password Last Set: The date and time that the account's password was last changed.
First Name: The keyword to define the search filter for fetching the user's first name.
Middle Name: The keyword to define the search filter for fetching the user's middle name.
Last Name: The keyword to define the search filter for fetching the user's last name.
Phone Number: The keyword to define the search filter for fetching the user's phone number.
Custom Attribute 1: The keyword to define the search filter for fetching the first customized user property.
Custom Attribute 2: The keyword to define the search filter for fetching the second customized user property.
Custom Attribute 3: The keyword to define the search filter for fetching the third customized user property.
Identifier 1: The keyword to define the search filter for fetching the Security Identifier (SID) of the user.

Map Additional User Attributes

Mapped Attribute: Use the button to map additional user attributes.

Choose from the list of attributes:

  • Car License
  • City
  • Company
  • Country Name
  • Department
  • Description
  • Display Name
  • Division
  • Employee ID
  • Employee Number
  • Employee Type
  • Fax
  • Group
  • Home
  • IP Phone
  • Initials
  • Manager
  • Mobile
  • Notes
  • PO Box
  • Room Number
  • State/Province
  • Street
  • Telephone Number (Other)
  • Title
  • Web Page
  • Zip/Postal Code
Name: Enter the value for the associated mapped attribute.
Tip: Use the mapped attributes to search for devices and assign profiles and policies to the devices after indexing them on the search filter. For more information, see Indexing Properties.

Azure Directories / Connection Details

Name: The name of the new connection.
Microsoft Graph API Address: The service root for the Microsoft Graph API request.

The default address is https://graph.microsoft.com.

Azure Tenant ID: Select the icon to display the Azure Tenant panel, where you configure new tenants.
Azure Application: The MDM associated with the Tenant ID.

Azure Tenant ID

Name: The name you want to give to the tenant. This name identifies the tenant in the tenant list.
Azure Primary Domain: The Azure Primary Domain you received from Microsoft when you signed up for Azure AD.
Azure Tenant ID: The Azure tenant ID you received from Microsoft when you signed up for Azure AD.
Metadata Endpoint Address: The metadata endpoint address you received from Microsoft when you signed up for Azure AD.
OIDC Metadata Endpoint Address: The OpenID Connect metadata endpoint address you received from Microsoft when you signed up for Azure AD. This field refers to the OpenID Connect metadata document endpoint in Azure.
Note: This field is optional. However, it is required to authenticate Android, iOS, or macOS devices upon enrollment using Azure AD.
Application Names: Select the icon to display the Application Name section.
Application Name: For each application, enter:
  • Application Name: The name of the SOTI MobiControl instance.
  • Client ID: The client ID of the SOTI MobiControl instance.
  • Client Secret: The client secret of the SOTI MobiControl instance.
  • Delete: The delete icon appears to the right of each application row. You can select it to delete the corresponding application from the list.

After making changes, follow the prompts to Save or Cancel them.