How SOTI Identity Works

SOTI Identity is a Security Assertion Markup Language (SAML) 2.0 identity provider (IdP) for managing users and controlling access to all SOTI ONE applications under one account.

If your organization manages separate instances of cloud SOTI ONE Platform products, each instance has a separate SOTI Identity account.

On a high level, SAML works by relaying user identity and authentication information between an IdP (SOTI Identity) and a service. Service providers agree to use the IdP to verify a user's right to access their services.

When a user attempts to access a SOTI ONE application, SOTI Identity receives their information as part of a SAML authentication request. It checks the login credentials and then relays the approval or denial back to the application.

SOTI Identity supports single sign-on (SSO) functionality across its applications. Once a user logs into one application, the system logs them into all their connected SOTI ONE applications.
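As an added example (not SOTI's code), the checks a service provider makes on the SAML Response it gets back from an IdP such as SOTI Identity, before accepting the approval: the entity IDs, request ID and response XML are constructed placeholders, and XML signature verification is assumed to have been done already by a SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
IDP_ENTITY_ID = "https://idp.example/placeholder"   # constructed placeholder
SP_ENTITY_ID = "https://app.example/placeholder"    # constructed placeholder

# Constructed sample response, as an IdP would return after a successful login.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" InResponseTo="_req42">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def parse_time(value):
    # SAML timestamps are UTC ISO 8601; compare them as timezone-aware datetimes.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, expected_request_id, now):
    """Return ("ok", name_id) or ("reject", reason). Runs AFTER the XML signature
    on the Response/Assertion has been verified against the IdP certificate."""
    root = ET.fromstring(xml_text)
    # Tie the response to a request this SP actually issued (replay/unsolicited guard).
    if root.get("InResponseTo") != expected_request_id:
        return ("reject", "InResponseTo does not match a pending request")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return ("reject", "IdP denied authentication")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        return ("reject", "missing assertion or unexpected issuer")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return ("reject", "assertion has no Conditions")
    if not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
        return ("reject", "assertion outside its validity window")
    # Accept only assertions issued for this application, not for another SP.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        return ("reject", "assertion not intended for this application")
    return ("ok", assertion.findtext("saml:Subject/saml:NameID", namespaces=NS))
```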

In SOTI Identity you can add local SOTI account users directly in the SOTI Identity console or pull in external users from existing LDAP or third-party IdP connections. This way, if you have users and groups already organized, you can integrate them with SOTI Identity and repurpose them for SOTI ONE application access control.

Figure: SAML flow in SOTI Identity with added LDAP and IdPs

Applications

SOTI Identity can manage user access control for all SOTI ONE applications released after October 31, 2019. Cloud apps such as SOTI Snap or SOTI XSight must use SOTI Identity, but on-premises applications like SOTI MobiControl or SOTI Connect can continue to use their own built-in user management systems.

You can add and manage instances of SOTI MobiControl and SOTI Connect under a single SOTI Identity account.

Learn more at Application Management.

User Roles

User roles are labels that bundle permissions together for an application. When you grant a user access to an application, you assign them at least one user role, which applies the associated permissions.

Note: SOTI Identity itself has two default user roles: application user and account administrator.

An application user can log into the SOTI ONE portal or directly into any SOTI ONE applications assigned to them.

Account administrators have the same capabilities as application users, plus they can modify all SOTI Identity account settings, including adding, editing, or deleting users, applications, and LDAP or IdP connections. Only grant this role when you want the user to have administrator-level access to the SOTI Identity console.

You cannot add new user roles to SOTI Identity, and you cannot edit or delete the default user roles.

You can create user roles for other SOTI ONE applications, but SOTI Identity itself can only have the two default roles. Learn more at User Roles.