SOTI Cloud Link Integration

About this task

The SOTI Cloud Link Agent (CLA) extends enterprise services that are isolated behind corporate firewalls, enabling secure interaction with SOTI ONE cloud applications such as SOTI Connect. The CLA securely transfers requests and responses between SOTI Connect and your enterprise services.

If you use SOTI Connect Cloud and want to leverage your Lightweight Directory Access Protocol (LDAP) connections for console security or enrollment, you need to set up a SOTI Cloud Link Agent. SOTI Connect supports outbound SOTI Cloud Link Agent connections, where requests are initiated by your enterprise LDAP service and sent to the CLA. For more details, refer to the SOTI Cloud Link Agent Help.

The integration involves the following components:
  • SOTI Cloud Link Broker
  • SOTI Cloud Link Agent
  • SOTI Cloud Link Agent Admin Utility Tool
    Note: SOTI Connect 2024.1 requires SOTI Cloud Link Agent Admin Utility Tool 2024.1.

Communication Flows

SOTI Cloud Link integration establishes secure communication between the Broker, SOTI Connect, and the SOTI Cloud Link Agent (CLA).
  • SOTI Connect identifies the Broker address from a value stored in the AppConfig database table. This value can be retrieved or updated using APIs in the CloudLinkAgentController.
  • SOTI Connect trusts the Broker’s SSL certificate (GoDaddy certificate in TrustStore) and connects through port 5596 by default.
  • The Broker verifies the access token of Agents using SOTI Connect’s token signing certificate, which is obtained from an API in CloudLinkAgentController.
  • The CLA authenticates with SOTI Connect using the client_credentials flow, with its ID as the JWT subject for Broker identification.
  • Initial certificate exchanges occur through the following APIs:
    • CloudLinkAgentController.ConfigureCloudLinkAgent()
    • CloudLinkAgentController.GetClaMetadata()
  • SOTI Connect runs a scheduled job to check and renew certificates with the CLA when required.
  • Both the Broker and Agent must trust the Broker’s SSL certificate in their respective TrustStores.
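
The Broker-side token check described in the list above, sketched as an added example (this is not SOTI code and does not use the CloudLinkAgentController APIs). It assumes an RS256-signed JWT with an `exp` claim; the locally generated key pair stands in for SOTI Connect's token signing certificate, and the agent ID `agent-0001` and all helper names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Stand-in for the token issuer: mints a signed JWT (constructed helper, assumed RS256).
function mintToken(privateKey, claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Broker-side check: returns the agent ID taken from `sub`, or throws.
function verifyAgentToken(token, signingPublicKey, knownAgentIds, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm; the token header must never choose how it is verified.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  // Verify the signature before trusting any claim in the payload.
  const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), signingPublicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  if (typeof claims.sub !== 'string' || !knownAgentIds.has(claims.sub)) throw new Error('unknown agent');
  return claims.sub;
}

// Constructed sample data: fixed clock, two key pairs, one registered agent.
const NOW = 1700000000;
const issuer = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const agents = new Set(['agent-0001']);
const goodClaims = { sub: 'agent-0001', exp: NOW + 300 };

function outcome(token) {
  try { return verifyAgentToken(token, issuer.publicKey, agents, NOW); }
  catch (e) { return `rejected: ${e.message}`; }
}

console.log(outcome(mintToken(issuer.privateKey, goodClaims))); // agent-0001
console.log(outcome(mintToken(other.privateKey, goodClaims)));  // rejected: bad signature
console.log(outcome(mintToken(issuer.privateKey, { sub: 'agent-0001', exp: NOW - 1 }))); // rejected: expired
```

The order matters: the signature is checked against the pinned algorithm before `exp` or `sub` is read, so an unsigned or re-signed token never reaches the agent lookup.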