Welcome to SOTI MobiControl 2025.1 Help
SOTI MobiControl is an enterprise mobile management solution dedicated to helping you manage your enterprise devices. Use SOTI MobiControl Help to learn about all the features available through SOTI MobiControl.
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
What's New in SOTI MobiControl
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Managing Users
- Managing Devices
- Managing Configurations
  - Using Profiles
    - Creating a Profile
    - Assigning a Profile
    - Editing Profile Access Permissions
    - Editing a Profile
    - Deleting a Profile
    - Cloning a Profile
    - Viewing Profile Assignments
    - Viewing Profile History
    - Viewing Profile Logs
    - Revoking a Profile
    - Reinstalling a Revoked Profile
    - Disabling a Profile
    - Exporting Profiles
    - Importing Profiles
    - Managing Profiles Queue
    - Downloading a Profiles List
    - Emailing a Profiles List
    - Profile Configurations
      - Profile Configurations By Category
        Security Profile Configurations
        Antivirus Protection
        Authentication *DRAFT*
        Authentication
        BitLocker
        Certificate Transparency
        Certificates
        Extensible Single Sign-on
        Factory Reset Protection
        File Encryption
        FileVault
        Kerberos Extensible Single Sign-on
        KNOX Container
        Out of Contact
        Passcode
        SCEP
        Security and Privacy
        Single Sign-on
        Imprivata Mobile Device Access (Single Sign On)
        Use the Imprivata Mobile Device Access profile to create custom connections to LDAP directories to set up Single Sign On Authentication for your Android devices (without the usage of console/configurations/advancedconfigurations/shareddevice/configure_app_authenticator.html feature).
        Microsoft Authenticator SSO
        Use Microsoft Entra ID to perform Single Sign On Authentication for your Android devices (without the usage of console/users/sso_main.html feature).
        Single Sign-on (macOS)
        Single Sign-On for Android with SOTI Identity
        Extensible Single Sign-On (SSO) | iOS/ Shared iPad User
        Kerberos Extensible Single Sign-On (SSO) | iOS/ Shared iPad User
        Kerberos Single Sign-On (SSO) | iOS
        Microsoft Authenticator Single Sign-On (SSO) | iOS
        System Update Policy
        CIS Benchmarks
        Microsoft Security Baselines
        Restrictions Profile Configurations
        Email, Contact, and Calendar Profile Configurations
        Connectivity Profile Configurations
        Other Profile Configurations
        SOTI Apps Profile Configurations
      - Profile Configurations By Platform
    - Declarative Profiles
  - Using Advanced Configurations
  - Using Settings Manager
- Managing Applications
- Managing Data
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
SOTI Cloud Link
Glossary
Notices

Extensible Single Sign-On (SSO) | iOS/ Shared iPad User

About this task

Use the Extensible Single Sign-on (SSO) profile configuration for app extensions that perform single sign-on for compatible iOS apps on iOS and Shared iPad devices.

Important: The target iOS devices must be running iOS 13.0 or later.

Procedure

Create/ edit a Reactive iOS/ Shared iPad User profile and add the Extensible SSO configuration from the Security & Restrictions configurations list.

Note: Shared iPad Users select the Extensible Single Sign On configuration instead.
Enter the bundle identifier of the app extension that performs single sign-on for the specified URLs.
Select the single sign-on type. Choose between:
- Redirect
- Credential.
Note: Choose Redirect when configuring SSO with SOTI Identity.
If you select Credential as the SSO type, enter the required associated Kerberos Realm.
If you select Redirect as the SSO type, select to add URL prefixes of identity providers where the app extension performs single sign-on.
If you select Credential as the SSO type, select in the Add Host Names section to add host or domain names to authenticate through the app extension.
Optional: Use the Extension Data field to add data you want to pass through to the app extension as a plist-formatted dictionary.
Note: The data must begin and end with <dict> tags.
Example
```
<dict>
<key>AllowedApps_BundleID</key>
<string>com.microsoft.skydrive,com.apple.mobilesafari,com.microsoft.azureauthenticator</string>
</dict>
```
Save the configuration and assign the profile to your target devices.

Results

You have successfully configured an Extensible SSO profile for your devices. The profile is now visible in the Profiles view.