Editing an Identity Provider Connection

Edit an Identity Provider (IdP) connection from SOTI MobiControl.

Before you begin

Log in as a SOTI MobiControl user with the Manage Directory Services permission enabled.

About this task

Edit an existing IdP connection in SOTI MobiControl to update the configuration used when authenticating users or enrolling devices.

Procedure

  1. In the SOTI MobiControl web console, select Global Settings from the main menu.
  2. From the Settings tree on the left, select Services > Identity Provider to display the Identity Provider menu.
  3. In the list of created Identity Provider configurations, select the name of the IdP connection you want to edit.
  4. Edit the IdP connection settings as required:
    Name: Enter a name for this IdP connection in SOTI MobiControl.
    IdP Metadata File: Browse for your IdP's metadata file, or drag and drop it into the field. This file contains the information necessary to create a link between your IdP and SOTI MobiControl.
    Note: You can fill in the rest of the settings manually if you do not have an IdP metadata file or an IdP metadata URL.
    IdP Metadata URL: Enter a URL from which your IdP's metadata can be uploaded to SOTI MobiControl, then select Refresh.
    Note: You can fill in the rest of the settings manually if you do not have an IdP metadata URL or an IdP metadata file.
    IdP Entity ID: Enter the globally unique identifier for the IdP.
    IdP URL: Enter the IdP Single Sign-On (SSO) login URL. SOTI MobiControl uses this URL to start the SSO login sequence.
    Note: SOTI MobiControl supports only HTTP-POST binding.
    Logout URL: Optional. Enter a URL that users are redirected to when they log out of the SOTI MobiControl console and Self Service Portal. If a Logout URL is not provided, users are redirected to a default logoff page.
    Note: SOTI MobiControl does not support single logout (SLO).
    Certificates: Add certificates to authenticate a secure connection with your IdP. Select the (download) icon to open the Add Certificate dialog box, in which you can add a certificate to the list. Select the (delete) icon to delete the selected certificate from the list. The certificates in the list are tried in ascending order until a valid certificate succeeds in authenticating with the IdP.
    Note: Certificates must be in either DER-encoded binary X.509 or Base64-encoded X.509 format.
  5. Edit Group Settings for Directory:
    Directory Name: Select a directory from the dropdown list. If you do not have any directories configured, see Managing Directory Service Connections for more information on adding a new directory.
  6. Or, edit Group Settings for IdP:
    Group Attributes: Add List Attributes to authenticate users with SOTI MobiControl. Make sure that you have created these attribute values in your IdP and assigned them to users. You also need to provide the values in the Attribute Statement section of the assertion response so that they can be matched against the defined IdP User groups to determine the user's access rights.
    Note: Optionally, add a List Delimiter to split attribute values into additional values. If a delimiter is not set, it is assumed that the attribute value contains multiple XML nodes, each one a different group name.
    User Attributes: Enter user attributes to map IdP SAML response attributes to SOTI MobiControl attributes. For example, if you map the name attribute in the IdP SAML response to the First Name attribute in SOTI MobiControl, the value of the name attribute appears in the First Name field of the User Details card in the device’s Device Information panel.
    Note: Only configured attributes appear in User Details.
    Additional User Attributes: Enter extra user attributes to map IdP SAML response attributes to SOTI MobiControl, if needed for user requirements. See Additional User Attributes for more information on the available attributes.
  7. Select Save.
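
The List Delimiter note in step 6 describes two ways group names can arrive in the assertion's Attribute Statement. The following is an added example, not SOTI MobiControl code, that models both so you can check which form your IdP sends before saving the connection. The attribute name "groups", the group names, the whitespace trimming and the exact-match comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AttributeStatement fragments; attribute and group names are made up.
MULTI_NODE = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>MC-Admins</saml:AttributeValue>
    <saml:AttributeValue>MC-Helpdesk</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

DELIMITED = """
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>MC-Admins; MC-Helpdesk;</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def extract_groups(statement_xml, attribute_name, delimiter=None):
    """Return the group names carried by one attribute of an AttributeStatement."""
    root = ET.fromstring(statement_xml)
    groups = []
    for attr in root.findall("saml:Attribute", SAML_NS):
        if attr.get("Name") != attribute_name:
            continue
        for node in attr.findall("saml:AttributeValue", SAML_NS):
            text = (node.text or "").strip()
            # No delimiter configured: each XML node is taken as one group name.
            parts = text.split(delimiter) if delimiter else [text]
            # Trimming and dropping empty parts is an assumption of this model.
            groups.extend(p.strip() for p in parts if p.strip())
    return groups


def allowed_groups(groups, defined_idp_groups):
    """Keep only names that exactly match a defined IdP user group (assumed rule)."""
    return [g for g in groups if g in defined_idp_groups]
```

If the IdP sends a single delimited value and no List Delimiter is configured, the whole string is treated as one group name and matches nothing, so the user receives no group-based access rights.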

Results

The IdP connection is now updated in SOTI MobiControl for use with console authentication or device enrollment when paired with LDAP.

What to do next

Authenticate SOTI MobiControl web console users using IdP by selecting the Identity Providers authentication type in Authentication Options. When paired with an LDAP connection, you may also enroll devices with user authentication. See Enrolling Devices for more details.