Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
SOTI MobiControl Console Reference
Global Settings
Cisco ISE
Use Cisco ISE to verify device identity using the Globally Unique Identifier (GUID), even when MAC address randomization is enabled.

Welcome to SOTI MobiControl 2026.0 Help
SOTI MobiControl is an enterprise mobility management solution designed to help you efficiently manage your organization's devices. Use the SOTI MobiControl Help Center to explore its full range of features.
What's New in SOTI MobiControl
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Using Stella
- Managing Users
- Managing Devices
- Managing Configurations
- Managing Applications
- Managing Data
- Managing Certificates
  Manage and deploy digital certificates in SOTI MobiControl, including manual uploads and dynamic certificates issued via integrated certificate authorities.
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
  - Enrollment Policies
  - Profiles
  - App Policies
  - Compliance Policies
  - Agents
  - Servers
  - Global Settings
    - Device Agent and Plugin
    - Enterprise Bindings
    - Enterprise Migration Certificate
    - Re-Enrollment Rule
    - Samsung Knox E-FOTA
      Use the Samsung Knox E-FOTA configuration to manage the firmware updates for your Knox enabled Samsung devices.
    - Samsung ELM
    - Samsung KPE
    - Zebra LifeGuard OTA
    - App Store License Management
    - Apple Push Notification Service
    - Apple Root Certificate
    - Automated Device Enrollment
    - PRK Encryption Certificate
    - Administrative Console
    - Enrollment Page
    - Login Page
    - Self Service
    - Chrome Enterprise Binding
    - Access Control Policy
    - Authentication Options
    - Directory Service Sync Frequency
    - Endpoint Authentication
    - Locate Timeout
    - SOTI Search Settings
    - System Health
    - Custom Attributes
    - Device Maintenance
      Use the Device Maintenance settings in Global Settings to control how SOTI MobiControl manages offline and deleted devices, including data retention, permanent deletion rules, and agent version requirements.
    - Enrollment Rules
    - Restriction Rules
    - Terms and Conditions
    - Unenrollment Actions
    - Log Levels
    - Log Maintenance
    - Cloud Link Agent
    - Cloud Link Agents
    - Deployment Server Settings
      When there are more than one SOTI MobiControl Deployment Servers in your environment, you can customize the distribution the incoming and outgoing device interactions amongst the Deployment Servers. This feature provides automatic rebalancing when a Deployment Server disconnects and then later reconnects.
    - Global Settings | SOTI Plugins
      Use the SOTI Plugins section to install and update the Stella plugin.
    - API Clients
    - Cisco ISE
      Use Cisco ISE to verify device identity using the Globally Unique Identifier (GUID), even when MAC address randomization is enabled.
    - Directory
    - Global Proxy
    - Google Workspace Bindings
      SOTI Google Workspace Bindings allow integration between SOTI and Google Workspace. This setup enables organizations to manage Enterprise Chromebooks and use their existing Google Workspace credentials to access SOTI services without managing separate user accounts.
    - Identity Provider
    - Microsoft 365
    - SMTP Server Connections
    - Syslog
    - Using Webhooks
    - SOTI ONE Configurations
    - Device Health Attestation
    - Re-Enrollment Rule (Windows)
    - Windows Notification Service
  - Users and Permissions
  - Reports
  - Advanced Configurations
  - ERG Installer
  - Common Dialog Boxes
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
Cloud Link Agent
Glossary
Notices

Cisco ISE

Use Cisco ISE to verify device identity using the Globally Unique Identifier (GUID), even when MAC address randomization is enabled.

The Cisco Identity Services Engine (ISE) feature in Global Settings improves SOTI MobiControl’s ability to validate enrolled and compliant devices before they connect to enterprise networks. It uses the device’s Globally Unique Identifier (GUID) instead of the MAC address to ensure reliable identity verification, even when MAC randomization is active. This applies to iOS and Android devices.

Many organizations use Cisco Identity Services Engine to manage secure device access. With this integration, SOTI MobiControl sends the device’s GUID to Cisco ISE v3.0, which verifies enrollment, compliance status, and authorization. This process helps prevent unauthorized or spoofed devices from accessing protected resources, especially in BYOD or mobile-first environments.

The integration also supports Cisco ISE v3.0 APIs for device identification, compliance checks, and certificate validation. While Basic authentication is currently required by Cisco ISE for API communication, OAuth and certificate-based methods are not supported at this time.

Organizations currently using Cisco ISE v2.0 are unable to detect certificate spoofing or validate devices with randomized MAC addresses. Upgrading to Cisco ISE v3.0 integration with SOTI MobiControl provides stronger security, especially for Wi-Fi networks and BYOD environments.

Cisco ISE toggle button in Global Settings.

(1) To enable Cisco ISE, select the Enable Cisco ISE toggle. This ensures consistent, policy-based access control by allowing Cisco ISE to accurately identify devices, even when MAC address randomization is active.

Key Capabilities:

Supports device GUID-based identity verification
Enables access control when MAC address randomization is enabled
Verifies enrollment, compliance status, and certificate validity using Cisco ISE v3.0 APIs

Business Benefits:

Strengthens network security and reduces the risk of unauthorized access
Improves support for BYOD and mobile-first environments
Keeps security architecture aligned with Cisco’s latest features and protocols

Limitations:

Basic authentication is currently the only supported protocol for integration with Cisco ISE