Configuring Single Sign On for Android with SOTI Identity

Configure Single Sign On for Android applications using SOTI Identity for SOTI MobiControl.

Before you begin

Log into SOTI MobiControl as a user with "View profiles" and "Manage profile setup" permissions.

About this task

Configure Single Sign On (SSO) for native and web applications on Android using SOTI Identity. SSO enables users to authenticate on one or more applications using a global authentication method, enhancing user efficiency and centralizing authentication for administrators.

Procedure

  1. From the SOTI MobiControl web console main menu, select Profiles.
    Selecting Profiles
  2. In the Profiles view, select Add Profile in the top-right corner.
    Selecting New Profile
  3. In the Add Profile panel, select any of the Android platforms.
    Selecting an android platform
  4. In the General tab of the Create Profile panel, enter a Profile Name and an optional Description.
    entering a name and description
    Restriction: You can only create profiles for a single platform at a time.
  5. Select the Configurations tab, then select the Add Configuration icon.
    selecting the configuration tab
    Note: You can create profiles that have configurations or packages. You do not need to include both.
  6. Select Single Sign On from the Security menu.
    Selecting single sign on
    Important: On Android Work Managed devices, the SOTI SSO option applies to Single Sign On using SOTI Identity. For more information on configuring other forms of SSO on Work Managed devices, see Single Sign-on.
    Selecting SOTI SSO
  7. In the Single Sign On panel, select the Manage button to open the SOTI Identity panel. Select a Certificate Authority template or select Manage Certificate Authorities. Choose the Import Application icon to import applications or the Add Application icon to add applications.
    Single Sign On Panel
  8. Configure the URL for SOTI Identity in the SOTI Identity panel. Select Save when done.
    Configure the SOTI Identity URL in the SOTI Identity panel
  9. In the Certificate Authority panel, select a certificate authority template that generates an agent certificate. The agent certificate deploys to the device and enables secure authentication with SOTI MobiControl.
    Selecting Alternate Certificates
    Note: SOTI MobiControl defaults to an internal certificate authority template. However, external certificate authorities are available to configure for authentication. To manage certificate authorities and create new templates, select Manage Certificate Authorities. See Deploying Managed (Dynamic) Certificates for more information.
    Important: When upgrading to SOTI MobiControl 2026.0.0 or later, existing SSO profiles that used an Identity Certificate in earlier releases of SOTI MobiControl have migrated to Certificate Authority with the certificate pre-selected.
  10. Optional: If SSO requires additional certificates for authentication, pair a Certificates configuration with the SSO configuration to deploy all required certificates to Android devices. For more details, see Managing Certificates.
    Certificate payload
  11. In the Target Applications sub-panel, add applications by importing them or enter multiple applications directly into the panel (blue boxes).
    Enter SSO target applications
    Important: In the Target Applications panel, enter the application's bundle identifier to enable SSO for specific applications. If you do not add any applications, all the applications registered with SOTI Identity are SSO enabled.

Results

You have created an SSO profile for Android devices of a specific type. Continue adding further profile configurations if required (see Android Plus Profile Configurations) or proceed to Assigning a Profile to deploy this profile to your devices.