Inheriting Permissions from External Groups

External groups inherit permissions from the SOTI MobiControl groups to which they were assigned. This means SOTI XSight administrators do not need to manually configure permissions for external groups.

Supported External Groups in SOTI XSight

• LDAP
  • LDAP User Group

• Identity Provider (SSO)
  • SSO User Group
  • SSO LDAP User Group
  • SSO Third Party User Group
  • SSO Azure User Group

External Groups Associated with a Role

• The external group inherits a combination of permissions of all the associated roles.
• By default, inheritance is enabled for external groups associated with a role.
• If an external group is associated with a role before the upgrade (SOTI XSight 4.0 or later), the group inherits permissions from the role(s) they were associated with.
  • This is applicable even if the external group had permissions or did not have permissions before the upgrade.
  • When inheritance is turned off, the permissions before the upgrade are applied.

• When an external group is inheriting from an administrator role and inheritance is turned off, they do not inherit administrator rights.
• Given that permissions for a SOTI MobiControl role are configured, when selecting an external group, administrators can choose if the external group should inherit permissions from the role(s) it is assigned to.
  • By default, inherit permissions is turned on.
  • A list of roles that the group is inheriting from is displayed.

External Groups Not Associated with a Role