Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
Managing Configurations
Using Profiles
Profile Configurations
Profile Configurations By Category
Security Profile Configurations
Single Sign-on
Configuring Microsoft Authenticator SSO (Android)
Set up Microsoft Authenticator SSO on Android devices to streamline sign-in across Microsoft Authentication Library (MSAL) apps, such as Microsoft Teams or Outlook.

Welcome to SOTI MobiControl 2026.0 Help
SOTI MobiControl is an enterprise mobility management solution designed to help you efficiently manage your organization's devices. Use the SOTI MobiControl Help Center to explore its full range of features.
What's New in SOTI MobiControl
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Using Stella
- Managing Users
- Managing Devices
- Managing Configurations
  - Using Profiles
    - Creating a Profile
      Use profiles to configure and deploy device settings, software packages, and assets to your managed devices. This task walks you through creating a profile, adding configurations and packages, and preparing it for assignment to target devices.
    - Assigning a Profile
      Assign profiles to devices or device groups to apply configurations and settings consistently across your device fleet.
    - Editing Profile Access Permissions
      Use this feature to edit access permissions for one or more profiles. You can assign read, write, or approval-based access to users, groups, or roles.
    - Editing a Profile
    - Deleting a Profile
    - Cloning a Profile
    - Viewing Profile Assignments
    - Viewing Profile History
    - Viewing Profile Logs
    - Revoking a Profile
    - Reinstalling a Revoked Profile
    - Disabling a Profile
    - Exporting Profiles
    - Importing Profiles
    - Managing Profiles Queue
    - Downloading a Profiles List
    - Emailing a Profiles List
    - Profile Configurations
      - Profile Configurations By Category
        Security Profile Configurations
        Antivirus Protection
        Authentication
        BitLocker
        Certificate Transparency
        Managing Certificates
        Manage and deploy digital certificates in SOTI MobiControl, including manual uploads and dynamic certificates issued via integrated certificate authorities.
        Factory Reset Protection
        File Encryption
        FileVault
        KNOX Container
        Out of Contact
        Passcode
        SCEP
        Security and Privacy
        Single Sign-on
        Single Sign-On for Android with SOTI Identity
        Imprivata Mobile Device Access | Single Sign On (Android)
        Use the Imprivata Mobile Device Access profile to create custom connections to LDAP directories and set up Single Sign On authentication for your Android devices without using the console/configurations/advancedconfigurations/shareddevice/configure_app_authenticator.html feature.
        Single Sign on (macOS)
        Configuring Extensible Single Sign-On (iOS/ Shared iPad User)
        Configuring Kerberos Extensible Single Sign-On (iOS/ Shared iPad User)
        Configuring Kerberos Single Sign-On (iOS)
        Configuring Microsoft Authenticator Single Sign-On (iOS/ iPadOS)
        Set up Microsoft Authenticator SSO on iOS or iPadOS devices to streamline sign-in across Microsoft Authentication Library (MSAL) apps, such as Microsoft Teams or Outlook.
        Configuring Microsoft Authenticator SSO (Android)
        Set up Microsoft Authenticator SSO on Android devices to streamline sign-in across Microsoft Authentication Library (MSAL) apps, such as Microsoft Teams or Outlook.
        Assign User Licenses in Microsoft Entra ID/Azure AD
        Add a Microsoft Authenticator SSO Payload (Android)
        Connect Microsoft Entra ID for Microsoft Authenticator SSO (Android)
        Set up a trusted connection between SOTI MobiControl and Microsoft Entra ID to support device registration and Single Sign-On (SSO) for Microsoft apps.
        Configure Microsoft Access Management for Microsoft Authenticator SSO (Android)
        Deploying the Microsoft Authenticator SSO Payload and an App Policy for Microsoft Shared Mode Device Registration (Android)
        Deploy the Microsoft Authenticator SSO payload and the required Microsoft Authenticator app to register the device as Microsoft Shared Mode.
        Activating Microsoft Authenticator SSO for MSAL (Android) Applications
        Activate Single Sign On (SSO) on your Microsoft Shared Device to seamless sign in to Microsoft Authentication Library (MSAL) apps.
        System Update Policy
        CIS Benchmarks
        Microsoft Security Baselines
        Restrictions Profile Configurations
        Email, Contact, and Calendar Profile Configurations
        Connectivity Profile Configurations
        Other Profile Configurations
        SOTI Apps Profile Configurations
      - Profile Configurations By Platform
    - Declarative versus Reactive Profiles
  - Using Advanced Configurations
  - Using Settings Manager
  - Approval Workflow for Profile Changes
    This overview outlines the fail-safe configuration for mission-critical profiles, designed to enhance the reliability and security of profile management in SOTI MobiControl.
- Managing Applications
- Managing Data
- Managing Certificates
  Manage and deploy digital certificates in SOTI MobiControl, including manual uploads and dynamic certificates issued via integrated certificate authorities.
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
Cloud Link Agent
Glossary
Notices

Configuring Microsoft Authenticator SSO (Android)

Set up Microsoft Authenticator SSO on Android devices to streamline sign-in across Microsoft Authentication Library (MSAL) apps, such as Microsoft Teams or Outlook.

Use Microsoft Entra ID to enable Single Sign-On (SSO) on Android devices managed through SOTI MobiControl. This configuration supports SSO across apps that use Microsoft Authentication Library (MSAL) without relying on the SSO for Shared Devices feature.

Prerequisites

Manage Profile permissions. See General Permissions.
Microsoft Entra ID (formerly Azure AD) Premium 1 or higher licenses with Microsoft Conditional Access enabled.
A supported Microsoft license plan ( See Microsoft license plans), such as:
- Microsoft 365 E3, E5, F1, or F3
- Enterprise Mobility + Security (EMS) E3 or E5
  
  See Assign User Licenses in Microsoft Entra ID/Azure AD for instructions on assigning these licenses.
  Note: When adding a license for a user, select all services. Services may differ based on the subscription type.

Important: To perform SSO, the device must be registered in Microsoft Shared Mode. Steps one to five to register the device in Microsoft Shared Mode. Once registered, step six instructs how to activate SSO for seamless login in MSAL applications.

Workflow