Configuring Shared Device for Android

Before you begin

Make sure the following prerequisites are met:
  • A valid directory service or identity provider connection is configured in SOTI MobiControl. The credentials from this connection verify which users can access Shared Device features. See Identity Management for setup instructions.
  • If you want to present terms and conditions to device users upon login, upload terms and conditions to SOTI MobiControl before beginning this task.

About this task

This task provides detailed steps on configuring the Shared Device feature on Android devices.

Procedure

  1. Create and organize device groups to capitalize on Shared Device functionality.
    • The Shared Device feature is applied to a device group and all of its subgroups (unless otherwise specified).
    • You can set Shared Device to move devices to a nested group with different settings when a user logs in. This allows you to control available settings or configurations based on the device’s login status.
    • You can also relocate devices to different groups depending on the user who logs in.
    A basic device group structure might look like this:
    Figure: Nested device groups
    Depending on your relocation settings, devices may remain in Warehouse or move to either Warehouse A or Warehouse B.
  2. Apply any rules, settings, or configurations that you want enabled on the main device group or its nested device groups.
    Note: Add a Lockdown configuration to the main shared device group. This restricts the functionality of devices for unauthorized users.
  3. In the Devices view, right-click the target device group and choose Advanced Configurations.
    Figure: Configuring Advanced Settings
  4. Choose Android Plus from the device family dropdown and select Shared Device from the list of advanced configurations.
    Note: You can add both Android and iOS devices within the same group, but you must configure them individually.
  5. In the Shared Device dialog box, enable the Enable Shared Device Configuration toggle.
    Figure: Enabling Shared Device
  6. Configure Shared Device options:
    Single Sign-On (SSO) Authenticator App: Choose the SSO authentication type for the shared device:
    • None: Do not use SSO authentication.
    • Microsoft Authenticator: Uses Microsoft Entra ID for SSO authentication.
    • Imprivata Mobile Device Access (MDA): Uses Imprivata MDA for SSO authentication.
    User Groups: Select to add a user group from either Directory Services or Identity Providers.

    If no directory service or IdP is configured, select Manage Services to create a connection. Refer to Identity Management for details.

    User Group Mapping: Map each user group to a different destination device group with different terms and conditions.
    For example:
    • IT users → Group B (lockdown + feature controls)
    • Sales users → Group C (lockdown + VPN + frequent check-in)

    Configure Relocate Device To for destination groups, or select Do Not Relocate.

    Choose the desired Terms and Conditions document from the dropdown list.

    Log Out Automatically After a Set Period: Schedule automatic logout after a specified duration (1–1500 hours or 5–1500 minutes).
    Log Out Automatically When Inactive: Schedule automatic logout if a device remains idle beyond a specified duration (1–1500 hours or 5–1500 minutes).
    Log Out Automatically Based on Device Charging: Logs out the user when the device is plugged in or charging.
    Relocate Device Back to Home Device Group on Logout: Sends the device back to its original group. Settings and configurations specific to the destination group get replaced by those of the home group.
    Execute Script on Logout: Executes a script when the user logs out of the shared device. For the Script type, you can choose from:
    • Legacy
    • JavaScript
    You can also select Manage Scripts to add, edit, or delete a script. See Manage Scripts for details. From the dropdown menu beside Execute Script, choose a script to use. Preview the script to confirm its contents.
    Manage App Data on Logout: Clear or retain app data for all applications or for specific ones when a device user logs out of Shared Device mode.
    Specify the configuration type. Choose from:
    • Clear Data: clears app data for the apps
    • Retain Data: retains data for the apps
    Configure the Apply to settings. Choose from:
    • All Apps: Clears or retains data for all apps applied on the group that the device belongs to.
    • Specific Apps: Clears or retains data for specific apps configured by the user.
    Note: Email account data is always cleared.
    See Manage App Data On Shared Device Logout for more information.
    Disable Device Passcode When User Logs Out: Enable this option to clear the passcode from the device once the device user logs out.
    Note: This option is only supported on iOS devices or Samsung devices running Android 7.0 or later.
    Allow User to Configure PIN on Login: Enable this toggle to allow users to set a PIN. Additional options include:
    • Set a Default PIN on Logout
    • Default PIN
    • PIN Complexity for User Entered PIN
  7. Use the up and down arrows to reorder the user group mappings. SOTI MobiControl evaluates users against the user group mappings in the order the mappings appear in the list.
  8. Select Save to apply the Shared Device settings.
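
Why the mapping order in step 7 deserves a review before saving, as an added example (not SOTI MobiControl code or output): it models the ordered user group mappings and flags mappings that a broader group higher in the list makes unreachable. It assumes the first matching mapping decides the destination, which the page does not state; the function names, the "All Staff" group, "Group A" and all memberships are constructed for illustration.

```python
# Added example, not SOTI MobiControl code. Assumption: the first mapping whose
# user group contains the user decides the destination (the page states only
# that mappings are evaluated in list order). All data below is constructed.

def resolve_destination(user_groups, mappings):
    """Return (destination group, terms document) for a user, or None."""
    for group, destination, terms in mappings:
        if group in user_groups:
            return destination, terms
    return None  # user belongs to no mapped user group

def shadowed_mappings(mappings, membership):
    """Return user groups whose mapping can never decide a login because
    every member is already matched by a mapping higher in the list."""
    already_matched, shadowed = set(), []
    for group, _destination, _terms in mappings:
        members = membership.get(group, set())
        if members and members <= already_matched:
            shadowed.append(group)
        already_matched |= members
    return shadowed

# Constructed directory membership: "All Staff" is a broad catch-all group.
MEMBERSHIP = {
    "All Staff": {"alice", "bob", "carol"},
    "IT": {"alice"},
    "Sales": {"bob"},
}

# Broad group first: the IT and Sales mappings are never reached.
BROAD_FIRST = [
    ("All Staff", "Group A", "Staff T&C"),
    ("IT", "Group B", "IT T&C"),
    ("Sales", "Group C", "Sales T&C"),
]
# Specific groups first: each user lands in the intended destination group.
SPECIFIC_FIRST = [BROAD_FIRST[1], BROAD_FIRST[2], BROAD_FIRST[0]]

if __name__ == "__main__":
    alice = {"All Staff", "IT"}
    print(resolve_destination(alice, BROAD_FIRST))
    print(resolve_destination(alice, SPECIFIC_FIRST))
    print(shadowed_mappings(BROAD_FIRST, MEMBERSHIP))
    print(shadowed_mappings(SPECIFIC_FIRST, MEMBERSHIP))
```

Under that assumption, an IT user who is also in the catch-all group receives Group A's settings and terms instead of Group B's lockdown and feature controls unless the narrower mapping is listed first.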

Results

Shared Device is now enabled on your devices. Your device users log in with their directory service or IdP accounts and configure the device to their requirements.
Tip:
  • Use Searching With Properties queries to target devices based on their shared device status. Applicable device properties include: Shared Device Current User, Shared Device Current User Status, and Shared Device Last User.
  • You can also search for the error states listed in Shared Device Error States.
  • You can also generate reports based on shared device users or shared device terms and conditions.