Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
Managing Configurations
Using Profiles
Profile Configurations
Profile Configurations By Category
Security Profile Configurations
Managing Certificates
Manage and deploy digital certificates in SOTI MobiControl, including manual uploads and dynamic certificates issued via integrated certificate authorities.
Deploying Managed (Dynamic) Certificates
Use integrated Certificate Authority (CA) services in SOTI MobiControl to automatically deploy, renew, and manage dynamic certificates for secure device authentication.
Step One: Integrate Certificate Authority Services
Integrate third-party Certificate Authority services in SOTI MobiControl to enable automated certificate life-cycle management. Supported services include ACME, ADCS, EJBCA, Entrust, SCEP, and Sectigo.
Certificate Authority Integration Details
Use the Certificate Authority dialog box in SOTI MobiControl to integrate supported CA services—such as ADCS, ACME, EJBCA, Entrust, Sectigo, and SCEP.
Issuing Enrollment and User Certificates Using ADCS

Welcome to SOTI MobiControl 2026.0 Help
SOTI MobiControl is an enterprise mobility management solution designed to help you efficiently manage your organization's devices. Use the SOTI MobiControl Help Center to explore its full range of features.
What's New in SOTI MobiControl
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Using Stella
- Managing Users
- Managing Devices
- Managing Configurations
  - Using Profiles
    - Creating a Profile
      Use profiles to configure and deploy device settings, software packages, and assets to your managed devices. This task walks you through creating a profile, adding configurations and packages, and preparing it for assignment to target devices.
    - Assigning a Profile
      Assign profiles to devices or device groups to apply configurations and settings consistently across your device fleet.
    - Editing Profile Access Permissions
      Use this feature to edit access permissions for one or more profiles. You can assign read, write, or approval-based access to users, groups, or roles.
    - Editing a Profile
    - Deleting a Profile
    - Cloning a Profile
    - Viewing Profile Assignments
    - Viewing Profile History
    - Viewing Profile Logs
    - Revoking a Profile
    - Reinstalling a Revoked Profile
    - Disabling a Profile
    - Exporting Profiles
    - Importing Profiles
    - Managing Profiles Queue
    - Downloading a Profiles List
    - Emailing a Profiles List
    - Profile Configurations
      - Profile Configurations By Category
        Security Profile Configurations
        Antivirus Protection
        Authentication
        BitLocker
        Certificate Transparency
        Managing Certificates
        Manage and deploy digital certificates in SOTI MobiControl, including manual uploads and dynamic certificates issued via integrated certificate authorities.
        Deploying Manually Uploaded Certificates
        Deploy externally sourced certificates to devices using the Certificates profile configuration in SOTI MobiControl.
        Using the Certificates Dashboard
        The Certificates Dashboard in SOTI MobiControl offers a centralized view and management of all deployed certificates. It features interactive charts, detailed tables for static and dynamic certificates, advanced filtering, and bulk actions like renewal and revocation all in one place.
        Deploying Managed (Dynamic) Certificates
        Use integrated Certificate Authority (CA) services in SOTI MobiControl to automatically deploy, renew, and manage dynamic certificates for secure device authentication.
        Step One: Integrate Certificate Authority Services
        Integrate third-party Certificate Authority services in SOTI MobiControl to enable automated certificate life-cycle management. Supported services include ACME, ADCS, EJBCA, Entrust, SCEP, and Sectigo.
        Certificate Authority Integration Details
        Use the Certificate Authority dialog box in SOTI MobiControl to integrate supported CA services—such as ADCS, ACME, EJBCA, Entrust, Sectigo, and SCEP.
        Issuing Enrollment and User Certificates Using ADCS
        Step Two: Create a Certificate Template
        Define templates to issue dynamic certificates using your integrated certificate authority.
        Step Three: Deploy Dynamic Certificates
        Deploy dynamic certificates to devices using templates and the Certificates configuration in SOTI MobiControl.
        Managing Certificates on a Device
        Factory Reset Protection
        File Encryption
        FileVault
        KNOX Container
        Out of Contact
        Passcode
        SCEP
        Security and Privacy
        Single Sign-on
        System Update Policy
        CIS Benchmarks
        Microsoft Security Baselines
        Restrictions Profile Configurations
        Email, Contact, and Calendar Profile Configurations
        Connectivity Profile Configurations
        Other Profile Configurations
        SOTI Apps Profile Configurations
      - Profile Configurations By Platform
    - Declarative versus Reactive Profiles
  - Using Advanced Configurations
  - Using Settings Manager
  - Approval Workflow for Profile Changes
    This overview outlines the fail-safe configuration for mission-critical profiles, designed to enhance the reliability and security of profile management in SOTI MobiControl.
- Managing Applications
- Managing Data
- Managing Certificates
  Manage and deploy digital certificates in SOTI MobiControl, including manual uploads and dynamic certificates issued via integrated certificate authorities.
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
Cloud Link Agent
Glossary
Notices

Issuing Enrollment and User Certificates Using ADCS

About this task

Use ADCS and the Microsoft Management Console (MMC) to request and export updated enrollment and authentication certificates for integration with SOTI MobiControl. Use these certificates to enable secure device enrollment and user authentication within the system.

Procedure

Log in to the CA server as the Active Directory Certificate Services (ADCS) user. Alternatively, open the MMC as a different user by holding down the Shift key and right-clicking MMC, then selecting Run as different user.
Launch the MMC and add the Certificates snap-in (User Account).
Right-click Personal and select All Tasks > Request New Certificate. The Certificate Enrollment wizard displays.
Select Next and select the certificate derived from the Enrollment Agent template during the initial setup.
Repeat the above steps to retrieve the Authentication certificate.
Select More information… > Properties > Signature.
Select Browse.
In the Windows Security dialog box that opens, select the Enrollment Certificate generated in Step 4 above.
Export both certificates with their private keys. Name the certificates properly for the SOTI MobiControl configuration. One is the Enrollment certificate, while the other is the Client Authentication User certificate.

What to do next

Import the new certificates into your SOTI MobiControl instance to complete or renew your ADCS integration. For more information, see Step One: Integrate Certificate Authority Services.