Imprivata Mobile Device Access | Single Sign On (Android)

Use the Imprivata Mobile Device Access profile to create custom connections to LDAP directories and set up Single Sign On authentication for your Android devices without using the Single Sign-On (SSO) For Shared Devices Using Imprivata MDA feature.

Important: Once you save and assign this profile to a set of devices, you must create an app policy with Imprivata MDA app configured. During the app policy creation, execute the following operations:
  1. Make sure for the Deployment Type, you select Mandatory.
  2. Enable the Manage App Config toggle and for the Enterprise Access Management server address field, add one sign server address.

Setting up the Imprivata Mobile Device Access profile

Before You Begin: To use the Imprivata Mobile Device Access profile to create custom connections to LDAP directories, you must first create an Enterprise Binding. See Enterprise Bindings for details.

  1. Create a profile and the Imprivata Mobile Device Access profile configuration.
  2. Select Manage to manage custom connections to LDAP directories.
  3. From the Manage Directory dialog box, select to add a connection with a LDAP directory. Then configure based on the following details:
  4. After configuring the LDAP directory, select Save. Then select the created LDAP directory from the Imprivata Directory.
  5. Later, create an app policy using the Imprivata Mobile Device Access app for devices using this profile.
Table 1. Connection Details
Name The name for the LDAP connection. This name is for reference only.
Server Type Select the LDAP server type. The server type determines which default search attributes to use.

Choose from:

  • Active Directory
  • Open Directory
  • Domino
  • Other LDAP
Server Address The hostname or IP address of the LDAP server and the connection port. The default port is 389. If using SSL, the port is 636.
Note: The port can be any value that matches the server's settings.
Use SSL Turn on to make SOTI MobiControl secure the LDAP communication over a Secure Sockets Layer (SSL) tunnel.
Authentication Type Choose how to connect to the server. The authentication type should match the server's settings:
  • Anonymous: Make the connection without passing credentials.
  • Basic: Use basic authentication on the connection.
  • Negotiate: Use Microsoft Negotiate authentication on the connection.
Username The username for binding to the connection when the Authentication Type is Basic or Negotiate.
Password The password of the binding user.
Base DN (Distinguished Name) The top level of the LDAP directory tree as the base (referred to as the "base DN"). This option defines the highest level of the LDAP search scope (also known as the RootContainer).
Follow Referrals Enables searching of the binding server and the referral servers listed in the search response.
Cloud Link Agent This setting only applies to SOTI MobiControl Cloud instances, not on-premises installations.

Ensure you install the SOTI Cloud Link Broker CLI and set up SOTI Cloud Link Agent for SOTI MobiControl.

For more information about how to setup LDAP, see Adding an On-Premises LDAP Connection.

Make sure that you selected a CLA. For example, refer to the following screenshot:

Selecting Cloud Link Agent

General attributes

Object Class The identifier name of the Object Class, a keyword indicating this is an objectClass definition (or others). The default is "objectClass," and an alternative could be "objectCategory."
Object Class Group Attribute The keyword to define the search filter for group-related searching.
Object Class User Attribute The keyword to define the search filter for user-related searching.
Default Naming Context The root DSE attribute for defining the root directory server entry (DSE) for the server instance.

Group Attributes

Identifier 1 The keyword to define the search filter for fetching the group's object Security Identifier (SID).
Identifier 2 The keyword to define the search filter for fetching the group's object Globally Unique Identifier (GUID).
Common Name The keyword to define the search filter for fetching the common name.
Account Name The keyword to define the search filter for fetching the account name.
Authentication Search Pattern The search string for fetching the authentication information.
Member The keyword to define the search filter for fetching memberships of group attributes.
Nested Group The keyword to define where the search filter should look when searching groups.

User Attributes

Identifier 2 The keyword to define the search filter for fetching the user's object Globally Unique Identifier (GUID).
Common Name The keyword to define the search filter for fetching common names.
Account Name The keyword to define the search filter for fetching account names.
Email The keyword to define the search filter for fetching user emails.
Authentication Search Pattern The search string for fetching the authentication information.
Add User Search Pattern The search string for fetching the add user information.
SSO User Search Pattern The search string for fetching the SSO user information.
User Principal Name The keyword to define the search filter for fetching user principal names.
Password Last Set The date and time that the account's password was last changed.
First Name The keyword to define the search filter for fetching the user's first name.
Middle Name The keyword to define the search filter for fetching the user's middle name.
Last Name The keyword to define the search filter for fetching the user's last name.
Phone Number The keyword to define the search filter for fetching the user's phone number.
Custom Attribute 1 The keyword to define the search filter for fetching the first customized user property.
Custom Attribute 2 The keyword to define the search filter for fetching the second customized user property.
Custom Attribute 3 The keyword to define the search filter for fetching the third customized user property.
Identifier 1 The keyword to define the search filter for fetching the user's object Security Identifier (SID).