Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
Managing Devices
Sharing Devices
Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator
You can use Microsoft Authenticator for single sign-on (SSO) to applications supporting Microsoft Authentication Library (MSAL) on shared devices.
App Policy
Install the Authenticator app from the app policy and set all necessary advanced configurations.

Welcome to SOTI MobiControl 2025.1 Help
SOTI MobiControl is an enterprise mobile management solution dedicated to helping you manage your enterprise devices. Use SOTI MobiControl Help to learn about all the features available through SOTI MobiControl.
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
What's New in SOTI MobiControl
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Managing Users
- Managing Devices
  - Managing Android Enrollment Policies
  - Managing Device Enrollment Rules
  - Enrolling Devices
  - Renaming Devices
  - Device Compliance Policies
  - Viewing Device Information
  - Performing Device Actions
  - Grouping Devices
  - Updating Devices
  - Using Signal Policies
  - Sending Messages to Devices
  - Sharing Devices
    - Configuring Shared Device
    - Single Sign-On (SSO) For Shared Devices Using Microsoft Authenticator
      You can use Microsoft Authenticator for single sign-on (SSO) to applications supporting Microsoft Authentication Library (MSAL) on shared devices.
      - Assigning User Licenses In Microsoft Entra ID/Azure AD
        This procedure describes how to assign licenses in Microsoft Entra ID/Azure AD for use with Single Sign On (SSO) using Microsoft Authenticator.
      - Connect SOTI MobiControl to Microsoft Intune and Microsoft Intune Compliance Partner Configuration
      - Add Azure Directory
      - Android Device Enrollment
      - Assigning a Profile
        To enable account creation on a device, install a feature control payload before assigning an app policy. The feature control payload must be correctly installed on the device and not impacted by other profiles.
      - App Policy
        Install the Authenticator app from the app policy and set all necessary advanced configurations.
        Converting User Mode Registration to Shared Mode Registration
        These steps describe how to change devices registered into Microsoft Entra ID as Microsoft User mode to Microsoft Shared mode.
      - SSO Group Level Configuration
      - Log In With Single Sign-on
      - Log Out With Single Sign-on
      - Configuring Lockdown for Shared Devices
    - Single Sign-On (SSO) For Shared Devices Using Imprivata MDA
      This procedure describes how to use Imprivata MDA as your app authenticator.
    - Logging into Android Plus Shared Devices
    - Logging into iOS Shared Devices
    - Logging Out Shared Devices
    - Shared iPad for Business
    - Troubleshooting Shared Devices
    - Shared Device Error States
  - Using SHA-1 and SHA-2 Certificates on the Same Deployment Server
  - Removing Devices
- Managing Configurations
- Managing Applications
- Managing Data
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
SOTI Cloud Link
Glossary
Notices

App Policy

Install the Authenticator app from the app policy and set all necessary advanced configurations.

About this task

To create and assign one app policy:

Procedure

Navigate to Policies > Apps then select New App Policy to create one new app policy for Android Enterprise.
Add the Microsoft Authenticator app.
Select Add.
Select Configure to open ADVANCED CONFIGURATIONS.
Select the Installation Options section, then select Mandatory as the deployment type. Select High Priority, then toggle on Launch App After Installation.
Select the Managed App Config section, then toggle on Enable Managed App Config.
Do one of the following:
- If you have added credentials (Microsoft Entra Tenant ID) to Microsoft Integration, select Populate. you may skip step 9.
- If you have not or want to select Manual Entry, proceed with the following steps.
Toggle on Shared Device Mode.
Enter the same tenant id used for conditional access integration into the Shared Device Mode Tenant Identifier field. Enter macro %SHARED_DEVICE_REG_TOKEN% in the Shared Device Mode Registration token field.
Select SAVE then SAVE AND ASSIGN. Assign the policy to the device or group where the device resides.

What to do next

Configure the Single Sign-on group.