Integrating SOTI Identity and Additional SOTI MobiControl Instances
About this task
- Requirements for SOTI XSight Integration
- Requirements for Additional SOTI MobiControl Instances
- Integration of SOTI Identity with SOTI MobiControl
- Install SOTI XSight with a Single SOTI XSight Management Server
- Install SOTI XSight with Multiple SOTI XSight Management Servers
- Integration of Additional SOTI MobiControl Instances with SOTI Identity
- Hybrid integration of SOTI MobiControl Instances (Legacy and SI-integrated)
- Deleting a Non-Primary SOTI Identity-SOTI MobiControl Instance Integrated with SOTI XSight
- Limitations With an Additional SOTI MobiControl Instance
- Limitations With an Additional SOTI MobiControl Instance and Integration
- Troubleshooting
Note: Additional SOTI MobiControl instances are
supported in SOTI MobiControl 15.4 and later.
Requirements for SOTI XSight Integration
Procedure
- SOTI Identity (SI), SOTI MobiControl (MC) and SOTI XSight (XS) must all be at version 2024.0 or later.
- SOTI MobiControl can be either on a cloud based virtual machine (VM) or on-premises with an external IP address.
-
The VM must have a secure certificate (for example, LetsEncrypt) and
*.sotiqa.com
Requirements for Additional SOTI MobiControl Instances
Procedure
- For SOTI Identity users to access both primary and non-primary SOTI MobiControl data in SOTI XSight, the same SOTI Identity users and user groups should be present on all SOTI MobiControl instances.
- All SQL Server ports (default:1433 and non-default ports) must be open.
Integration of SOTI Identity with SOTI MobiControl
Procedure
Create an application for SOTI MobiControl in the SOTI Identity web console
- Login to the web console
-
From the main menu, select Applications.
-
Select
New Application.
-
Enter the information for the SOTI MobiControl instance, the
SOTI Identity administrator. Make note of the generated
client ID and secret for the SOTI MobiControl
administrator.
Integrate SOTI Identity with
SOTI MobiControl
- As SOTI MobiControl administrator, login to the SOTI MobiControl web based console.
- From the main menu, select .
- Toggle the Enable SOTI Identity button On.
- Enter the client ID and secret for the app you generated in Step 4.
Assign SOTI MobiControl role to SOTI Identity user/group
- Select Assign User in your SOTI Identity application.
- Select your user/group
Visibility of the SOTI XSight tile in the SOTI Identity web console
-
From the SOTI XSight web console, you can see the SOTI MobiControl tiles with the associated legacy SOTI Assist tile.
Note: This is because SOTI XSight is not yet installed.
Install SOTI XSight with a Single SOTI XSight Management Server
Procedure
- Install SOTI XSight associated with SOTI Identity integrated SOTI MobiControl.
Enable SOTI Identity
authentication from the SOTI XSight web console
- Login to the SOTI XSight web console as administrator.
- From the main menu, select .
- Enable Use SOTI Identity for user authentication.
- Login to the SOTI Identity web console.
- In the SOTI MobiControl application, select Edit.
- Add the associated SOTI XSight details to SOTI Identity.
Visibility of the SOTI XSight tile in SOTI Identity web console
- The name of the SOTI XSight tile changes to SOTI XSight's FQDN in the SOTI Identity web console.
Install SOTI XSight with Multiple SOTI XSight Management Servers
Procedure
Installer changes
- To install a second XMS, use the public URL instead of the host URL. Use the primary URL if the environment does not have a load balancer.
- From the SOTI MobiControl Integration wizard, use the relative SOTI MobiControl URL, use same Client Id and Client Secret. Do not select Overwrite the default MobiControl connection settings.
- Select Next.
Second SOTI XSight node’s Administration Utility
- Do not select Override Local Display Service Address for the second SOTI MobiControl Management Server, as SOTI Identity doesn’t support multiple SOTI MobiControl Management Servers.
-
Override the SOTI Assist URL with the second XMS URL
details.
Note: Follow steps mentioned earlier in Enabling SOTI Identity authentication within SOTI XSight.
-
The SOTI XSight tile is visible in the SOTI Identity console with multiple Management
Servers.
Note: This is due to enabling Use SOTI Identity for user authentication in Enabling SOTI Identity authentication within SOTI XSight.
Integration of Additional SOTI MobiControl Instances with SOTI Identity
About this task
Procedure
Toggle support for additional SOTI MobiControl
instances
- Login to the SOTI XSight web console as administrator.
- From the main menu select .
- Toggle Enable to support additional MobiControl Instances on.
Configure SOTI XSight Management Server’s login
mode
-
Add the XMS FQDN for Management Server (for example,
x000068.qaxsight.mobicontrol.cloud
). - In the Login Mode dropdown, select either XSight Login or MobiControl Login. For a SOTI Identity environment, select MobiControl Login to ensure SOTI XSight uses the same login mode as SOTI MobiControl (for example, the SOTI Identity authentication mode).
- Select to add additional login modes.
Adding details to a non-primary SOTI MobiControl
instance
- Select in Other Instances.
-
Enter the following information in the Add
MobiControl panel.
Table 1. Instance Details Setting Value Name Enter the name of the non-primary instance to add. The name is reflected on the device search points throughout SOTI XSight (Incident Management, Chat Container and Operational Intelligence). For example, x92.
Access URL The URL of the non-primary SOTI MobiControl. Note: For SOTI Identity,/mobicontrol
in the URL should be in lowercase as SOTI Identity is case sensitive.Use SOTI Identity for user authentication Toggle off Table 2. Configure Credentials Setting Value MobiControl Database Server The database server name of the non-primary SOTI MobiControl instance. The SQL instance which hosts the SOTI XSight database must be able to connect to the SQL Server (ports) instance which hosts the secondary SOTI MobiControl database. MobiControl Database Name The name of the non-primary SOTI MobiControl database. For example: MobiControlDB
Username The SQL Server username of the user that has full privileges. Password The SQL Server password of the user that has full privileges.
Save non-primary SOTI MobiControl's database
details
- Select Save.
-
Follow the instructions in the Add MobiControl prompt.
Complete the following:
- Install the root certificate of the added SOTI MobiControl instance on the SOTI XSight server.
- Restart the SOTI XSight Display Service in the Administration Utility.
- Re-login to SOTI XSight.
-
Add the non-primary SOTI MobiControl root certificate to VM
where XMS is installed and restart XMS from the Administration
Utility/Services.
Note: If the SOTI XSight installation has more than one XMS instance, you must install the certificate on all XMS instances and restart these instances.
Save and re-start SOTI XSight Display
Services
- Select Save.
- The Restart Services panel displays. You must restart the XMS in Administration Utility for the changes to take effect.
Export-Import of non-primary SOTI MobiControl’s root
certificate
- RDP into the non-primary SOTI MobiControl instance.
- Open the SOTI MobiControl Administration Utility.
- Select the Certificates tab.
- In the Root Certificate Management panel, select Export.
-
Transfer the non-primary SOTI MobiControl root certificate
file to the primary XMS server. For example,
Root.cert
.Note: If SOTI XSight has more than one XMS instance, you must install the certificate on all XMS nodes. -
On the primary XMS server, double-click on the non-primary SOTI MobiControl root certificate file that you copied
over.
- Select Install Certificate.
- In the Certificate Import Wizard, select Local Machine and then select Next.
- Select Yes.
- In the Certificate Import Wizard, select Place all certificates in the following store and then select Browse.
- Select the Trusted Root Certification Authorities certificate store, then select Ok.
- In the Certificate Import Wizard, select Next.
- In the Certificate Import Wizard, select Finish.
- In the Certificate Import Wizard, the message The import was successful displays.
- Select Install Certificate.
Verify SOTI XSight integration with secondary SOTI MobiControl from the SOTI Identity web
console
- Restart the SOTI XSight services and re-login.
- In the SOTI MobiControl integration page, toggle SOTI Identity user authentication Off and then On.
- The associated SOTI XSight details are viewable in the secondary SOTI MobiControl's application details from the SOTI Identity web console. The Manage Group icon of the secondary SOTI MobiControl displays.
Integrate the secondary SOTI MobiControl with the primary
SOTI MobiControl from the SOTI Identity web
console
- Select Manage Group of the primary SOTI MobiControl.
-
In the Manage MobiControl App Groups panel, enter a
unique group name.
Note: The group name must be unique within SOTI Identity. You cannot use a name which already exist for another group.
- Select to add a secondary-SOTI MobiControl application.
Token for secondary SOTI MobiControl
-
The secondary SOTI MobiControl’s token is generated within 2
hours. SOTI Identity sends it to the primary SOTI MobiControl.
Note: The token details are viewable in the
SotiOneApplication
table of the SOTI MobiControl database.
Hybrid integration of SOTI MobiControl Instances (Legacy and SI-integrated)
About this task
Procedure
- Include both login modes with the respective XMS.
- Override the SOTI XSight URL under the legacy integration of SOTI MobiControl.
Deleting a Non-Primary SOTI Identity-SOTI MobiControl Instance Integrated with SOTI XSight
About this task
Procedure
- From the SOTI Identity web console and select the primary SOTI MobiControl application.
- Select Manage Group and open the Manage MobiControl App group wizard.
- Delete the secondary SOTI MobiControl application by selecting the delete icon.
- Select Update.
- You cannot delete the primary SOTI MobiControl application until you switch the secondary SOTI MobiControl applications with the primary SOTI MobiControl application.
- Remove SOTI Identity integration with the non-primary SOTI MobiControl first, and then delete the associated application from within SOTI Identity.
- If integration only one secondary SOTI MobiControl instance, you must remove the entire SOTI Identity integration from that SOTI MobiControl instance (the Delete button does not work).
Limitations With an Additional SOTI MobiControl Instance
Procedure
- Enrolling a device enrolled in instance A to instance B still opens a session on instance A in the chat container.
-
If you do not select Save when setting up additional
SOTI MobiControl instances or updating an instance, any
changes made are not saved.
Note: If you do not select Save, you are not prompted to save your changes.
-
Upgrading SOTI XSight from an earlier version (for
example, version 4.3.x to 2024.x) does not update the database values for
the non-primary SOTI MobiControl instances in the
im_McConnection
table. -
Using a relative URL when setting up additional SOTI MobiControl instances gives a duplicate instance error.
Note: This limitation is removed in versions 2024.1.0 and later.
Limitations With an Additional SOTI MobiControl Instance and Integration
Procedure
- When SOTI XSight services are stopped, you can see the Assist logo in the SOTI Identity dashboard. This is because as SOTI Identity is using only the SOTI XSight URL from SOTI MobiControl dynamically. The information is not saved on SOTI Identity for SOTI XSight.
- If an expired certificate is bound with port 443/custom port, which XMS is using, you can see 404 error in the SOTI XSight dashboard.
- With SOTI Identity, you cannot access multiple SOTI MobiControl Management Servers separately. The secondary SOTI MobiControl Management Server must be redirected to the primary SOTI MobiControl Management Server.
Troubleshooting
Procedure
- If SOTI MobiControl is not integrated correctly, errors occur in the SOTI Identity web console when assigning user/group to the respective SOTI MobiControl application.
-
When SOTI Identity uses a centralized database, and a SOTI MobiControl application is already created on one of the
SOTI Identity portals, then the admin is not allowed to
integrate new SOTI MobiControl with new application
details.
Note: This is because SOTI Identity stores VM details as metadata.