Adding an On-Premises LDAP Connection

Before you begin

Log in as a SOTI MobiControl user with "View Directory Services" and "Manage Directory Services" permissions.
Important: If your SOTI MobiControl instance is in a cloud environment, use Cloud Link Agent to establish a connection between your LDAP server and SOTI MobiControl. For more details, see Cloud Link Agent Help.

About this task

Add an on-premises LDAP connection to SOTI MobiControl by entering your server details, selecting authentication options, and configuring attributes. This setup enables secure LDAP authentication for user access and device enrollment.

To add an on-premises LDAP connection to SOTI MobiControl, perform the following steps:

Procedure

  1. Select Global Settings from the SOTI MobiControl main menu.
  2. From the Global Settings list, select Services > Directory.
  3. Under Directory in the LDAP Directories dialog box, select the icon.
  4. Enter your LDAP server information.
    1. Enter the name for the LDAP connection, used for reference only on the web console.
    2. Select a server type for the LDAP connection. The server type determines which search attributes to use. Select from the following server types:
      • Active Directory
      • Open Directory
      • Domino
      • Other
    3. Enter the hostname or IP address of the LDAP server and the connection port. The default port is 389. If using SSL, the port is 636.
      Note: The port can be any value that matches the server's settings.
    4. Toggle SSL to make SOTI MobiControl secure the LDAP communication over a Secure Sockets Layer (SSL) tunnel.
    5. Toggle Accept Untrusted Certificates to use SSL connections with untrusted certificates (usually self-signed CA root certificates).
  5. Specify how SOTI MobiControl handles authentication via an Authentication Type.
    1. Select an Authentication Type that matches the LDAP server's authentication settings. Choose from the following methods:
      • Negotiate: Use Microsoft Negotiate authentication on the connection.
      • Kerberos: Use Kerberos authentication on the connection.
      • Basic: Use basic authentication on the connection.
      • Anonymous: Make the connection without passing credentials.
      • TLS: Use Transport Layer Security to encrypt the connection.
    2. Enter a Username of an LDAP user for binding the connection.
      Note: Applicable for the Basic, Negotiate and Kerberos authentication types.
    3. Optional: Enter a password of the LDAP user.
    4. Upload a Client certificate that holds a private key to the LDAP instance to secure the connection and, optionally, enter a certificate password to access the certificate.
      Note: Applicable for the TLS authentication type only.
  6. Set the scope of the LDAP connection.
    1. Enter a Base DN (Distinguished Name). This is the top level of the LDAP directory tree, used as the base (referred to as the "base DN"). This option defines the highest level of the LDAP search scope (also known as the RootContainer).
    2. Toggle Follow Referrals to enable searching of the binding server and the referral servers listed in the search response.
  7. Optional: Add SOTI Cloud Link.
    Important: This setting only applies to SOTI MobiControl Cloud instances, not on-premise installations.
    Install the Cloud Link Agent to secure a connection between SOTI MobiControl and your LDAP server.
  8. Optional: Define the server attributes. The attributes are pre-populated to match server connections, but you can change them to meet server requirements.
    1. Define the General Attributes. Refer to General Attributes for information on each general attribute.
    2. Define the Group Attributes. See Group Attributes for information on each group attribute.
    3. Define the User Attributes. See User Attributes for information on each user attribute.
  9. Optional: In the Map Additional User Attributes dialog window, select the icon to add extra user attributes. Select a mapped attribute and enter a value under the Name field. See Additional User Attributes for more information on the available attributes.
    Tip: Use the mapped attributes to search for devices and assign profiles and policies to the devices after indexing them on the search filter. For more information, see Indexing Properties.
  10. Select Save to save the new directory configuration.
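
The options chosen in steps 4 to 6 interact, so it helps to review them together before selecting Save. The following is an added example, not SOTI code: the dictionary keys and the review_ldap_connection function are hypothetical names that mirror this page's labels, and Basic is assumed to be an LDAP simple bind.

```python
# Added example: field names mirror this page's labels, but the dict layout
# is an assumption, not a SOTI MobiControl export or API format.
NEEDS_USERNAME = {"Basic", "Negotiate", "Kerberos"}  # per the note in step 5


def review_ldap_connection(cfg):
    """Return (severity, message) findings for one planned connection."""
    findings = []
    auth = cfg.get("authentication_type")
    ssl_on = cfg.get("ssl", False)
    port = cfg.get("port", 389)

    # Assumption: Basic is an LDAP simple bind, which sends the password
    # unprotected unless the transport is encrypted.
    if auth == "Basic" and not ssl_on:
        findings.append(("high", "Basic bind without SSL exposes the bind password in transit"))
    # Skipping certificate validation leaves the tunnel encrypted but the
    # server unauthenticated.
    if ssl_on and cfg.get("accept_untrusted_certificates", False):
        findings.append(("high", "Accept Untrusted Certificates disables server certificate validation"))
    if auth == "Anonymous":
        findings.append(("medium", "Anonymous bind: confirm what the directory returns to unauthenticated searches"))
    if auth in NEEDS_USERNAME and not cfg.get("username"):
        findings.append(("medium", f"{auth} selected but no bind Username is set"))
    if auth == "TLS" and not cfg.get("client_certificate"):
        findings.append(("medium", "TLS selected but no Client certificate is set"))
    if not cfg.get("base_dn"):
        findings.append(("medium", "Base DN is empty; step 6 uses it to bound the search scope"))
    # The page notes any port may be valid, so a mismatch is informational.
    if (ssl_on and port == 389) or (not ssl_on and port == 636):
        findings.append(("info", f"Port {port} is unusual for SSL={'on' if ssl_on else 'off'}"))
    return findings


# Constructed sample settings, not taken from a real deployment.
WEAK = {"name": "corp-ad", "server_type": "Active Directory", "host": "ldap.example.test",
        "port": 389, "ssl": False, "authentication_type": "Basic",
        "username": "svc-mobicontrol", "base_dn": "DC=example,DC=test"}
HARDENED = dict(WEAK, port=636, ssl=True, accept_untrusted_certificates=False)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, review_ldap_connection(cfg) or "no findings")
```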

Results

Use the newly created directory configuration to let users authenticate with SOTI MobiControl when Creating Users or Enrolling Devices that require LDAP authentication, so that authorized users can access the devices.