Integrating SOTI Identity and Additional SOTI MobiControl Instances

About this task

This section describes the following topics related to integrating SOTI XSight with SOTI Identity and additional SOTI MobiControl instances.
Note: Additional SOTI MobiControl instances are supported in SOTI MobiControl 15.4 and later.

Requirements for SOTI XSight Integration

Procedure

  1. SOTI Identity (SI), SOTI MobiControl (MC) and SOTI XSight (XS) must all be at version 2024.0 or later.
  2. SOTI MobiControl can be either on a cloud based virtual machine (VM) or on-premises with an external IP address.
  3. The VM must have a secure certificate (for example, LetsEncrypt) and *.sotiqa.com

Requirements for Additional SOTI MobiControl Instances

Procedure

  1. For SOTI Identity users to access both primary and non-primary SOTI MobiControl data in SOTI XSight, the same SOTI Identity users and user groups should be present on all SOTI MobiControl instances.
  2. All SQL Server ports (default:1433 and non-default ports) must be open.

Integration of SOTI Identity with SOTI MobiControl

Procedure

Create an application for SOTI MobiControl in the SOTI Identity web console
  1. Login to the web console
  2. From the main menu, select Applications.

    Application tab at SOTI Identity console

  3. Select New Application.
    New application for SOTI Identity console
  4. Enter the information for the SOTI MobiControl instance, the SOTI Identity administrator. Make note of the generated client ID and secret for the SOTI MobiControl administrator.

    Enter the app details

Integrate SOTI Identity with SOTI MobiControl
  1. As SOTI MobiControl administrator, login to the SOTI MobiControl web based console.
  2. From the main menu, select Global Settings > SOTI ONE > SOTI Identity.
  3. Toggle the Enable SOTI Identity button On.
    Toggle enable SOTI Identity button
  4. Enter the client ID and secret for the app you generated in Step 4.
    Enter the Client ID and Client Secret
Assign SOTI MobiControl role to SOTI Identity user/group
  1. Select Assign User in your SOTI Identity application.
    Select Assign User button
  2. Select your user/group
    Select your User/Group

Visibility of the SOTI XSight tile in the SOTI Identity web console

  1. From the SOTI XSight web console, you can see the SOTI MobiControl tiles with the associated legacy SOTI Assist tile.
    Note: This is because SOTI XSight is not yet installed.

Install SOTI XSight with a Single SOTI XSight Management Server

Procedure

  1. Install SOTI XSight associated with SOTI Identity integrated SOTI MobiControl.
    SOTI XSight associated with SOTI MobiControl
Enable SOTI Identity authentication from the SOTI XSight web console
  1. Login to the SOTI XSight web console as administrator.
  2. From the main menu, select Settings > Integration > MC Integration.
  3. Enable Use SOTI Identity for user authentication.
    SOTI XSight: SOTI Identity user Authentication
  4. Login to the SOTI Identity web console.
  5. In the SOTI MobiControl application, select Edit.
  6. Add the associated SOTI XSight details to SOTI Identity.
    SOTI XSight name and URL under SOTI MobiControl Application at SOTI Identity portal
Visibility of the SOTI XSight tile in SOTI Identity web console
  1. The name of the SOTI XSight tile changes to SOTI XSight's FQDN in the SOTI Identity web console.

Install SOTI XSight with Multiple SOTI XSight Management Servers

Procedure

Installer changes
  1. To install a second XMS, use the public URL instead of the host URL. Use the primary URL if the environment does not have a load balancer.
    SOTI XSight URL of second XMS
  2. From the SOTI MobiControl Integration wizard, use the relative SOTI MobiControl URL, use same Client Id and Client Secret. Do not select Overwrite the default MobiControl connection settings.
    Details of SOTI MobiControl Integration wizard for second XMS
  3. Select Next.

Second SOTI XSight node’s Administration Utility

  1. Do not select Override Local Display Service Address for the second SOTI MobiControl Management Server, as SOTI Identity doesn’t support multiple SOTI MobiControl Management Servers.
    Override details for Second XMS at SOTI MobiControl Administration Utility
  2. Override the SOTI Assist URL with the second XMS URL details.
    Note: Follow steps mentioned earlier in Enabling SOTI Identity authentication within SOTI XSight.
  3. The SOTI XSight tile is visible in the SOTI Identity console with multiple Management Servers.
    SOTI XSight tile after toggling the SOTI Identity-Auth button
    Note: This is due to enabling Use SOTI Identity for user authentication in Enabling SOTI Identity authentication within SOTI XSight.

Integration of Additional SOTI MobiControl Instances with SOTI Identity

About this task

Integrate SOTI Identity with SOTI MobiControl.

Procedure

Toggle support for additional SOTI MobiControl instances
  1. Login to the SOTI XSight web console as administrator.
  2. From the main menu select Settings > Integration > MobiControl Integration.
  3. Toggle Enable to support additional MobiControl Instances on.
    Enable support for additional SOTI MobiControl instances
Configure SOTI XSight Management Server’s login mode
  1. Add the XMS FQDN for Management Server (for example, x000068.qaxsight.mobicontrol.cloud).
  2. In the Login Mode dropdown, select either XSight Login or MobiControl Login. For a SOTI Identity environment, select MobiControl Login to ensure SOTI XSight uses the same login mode as SOTI MobiControl (for example, the SOTI Identity authentication mode).
  3. Select to add additional login modes.
Adding details to a non-primary SOTI MobiControl instance
  1. Select in Other Instances.
    Adding instance details for non-primary SOTI MobiControl
  2. Enter the following information in the Add MobiControl panel.
    Instance details
    Table 1. Instance Details
    Setting Value
    Name Enter the name of the non-primary instance to add. The name is reflected on the device search points throughout SOTI XSight (Incident Management, Chat Container and Operational Intelligence).

    For example, x92.
    Access URL The URL of the non-primary SOTI MobiControl.
    Note: For SOTI Identity, /mobicontrol in the URL should be in lowercase as SOTI Identity is case sensitive.
    Use SOTI Identity for user authentication Toggle off
    Configure credentials
    Table 2. Configure Credentials
    Setting Value
    MobiControl Database Server The database server name of the non-primary SOTI MobiControl instance. The SQL instance which hosts the SOTI XSight database must be able to connect to the SQL Server (ports) instance which hosts the secondary SOTI MobiControl database.
    MobiControl Database Name The name of the non-primary SOTI MobiControl database.

    For example: MobiControlDB
    Username The SQL Server username of the user that has full privileges.
    Password The SQL Server password of the user that has full privileges.
Save non-primary SOTI MobiControl's database details
  1. Select Save.
  2. Follow the instructions in the Add MobiControl prompt. Complete the following:
    • Install the root certificate of the added SOTI MobiControl instance on the SOTI XSight server.
    • Restart the SOTI XSight Display Service in the Administration Utility.
    • Re-login to SOTI XSight.
    Select Ok.
    Certificate prompt
  3. Add the non-primary SOTI MobiControl root certificate to VM where XMS is installed and restart XMS from the Administration Utility/Services.
    Note: If the SOTI XSight installation has more than one XMS instance, you must install the certificate on all XMS instances and restart these instances.
Save and re-start SOTI XSight Display Services
  1. Select Save.
  2. The Restart Services panel displays. You must restart the XMS in Administration Utility for the changes to take effect.
    Restart services
Export-Import of non-primary SOTI MobiControl’s root certificate
  1. RDP into the non-primary SOTI MobiControl instance.
  2. Open the SOTI MobiControl Administration Utility.
  3. Select the Certificates tab.
    Select the Certificates tab
  4. In the Root Certificate Management panel, select Export.
    Export the root certificate
  5. Transfer the non-primary SOTI MobiControl root certificate file to the primary XMS server. For example, Root.cert.
    Note: If SOTI XSight has more than one XMS instance, you must install the certificate on all XMS nodes.
  6. On the primary XMS server, double-click on the non-primary SOTI MobiControl root certificate file that you copied over.
    1. Select Install Certificate.

      Select install certificate

    2. In the Certificate Import Wizard, select Local Machine and then select Next.

      Select local machine

    3. Select Yes.

      Select yes

    4. In the Certificate Import Wizard, select Place all certificates in the following store and then select Browse.

      Save all certificates to a specified store

    5. Select the Trusted Root Certification Authorities certificate store, then select Ok.

      Select the Trusted Root Certificates Authorities certificate store

    6. In the Certificate Import Wizard, select Next.

      Select next

    7. In the Certificate Import Wizard, select Finish.

      Select Finish

    8. In the Certificate Import Wizard, the message The import was successful displays.

      The import was successful

Verify SOTI XSight integration with secondary SOTI MobiControl from the SOTI Identity web console
  1. Restart the SOTI XSight services and re-login.
  2. In the SOTI MobiControl integration page, toggle SOTI Identity user authentication Off and then On.
  3. The associated SOTI XSight details are viewable in the secondary SOTI MobiControl's application details from the SOTI Identity web console. The Manage Group icon of the secondary SOTI MobiControl displays.
    Manage Group button of SOTI MobiControl application when SOTI XSight is integrated.
Integrate the secondary SOTI MobiControl with the primary SOTI MobiControl from the SOTI Identity web console
  1. Select Manage Group of the primary SOTI MobiControl.
  2. In the Manage MobiControl App Groups panel, enter a unique group name.
    Manage group of primary SOTI MobiControl
    Note: The group name must be unique within SOTI Identity. You cannot use a name which already exist for another group.
  3. Select to add a secondary-SOTI MobiControl application.
    Adding secondary SOTI MobiControl at SOTI Identity console
Token for secondary SOTI MobiControl
  1. The secondary SOTI MobiControl’s token is generated within 2 hours. SOTI Identity sends it to the primary SOTI MobiControl.
    Note: The token details are viewable in the SotiOneApplication table of the SOTI MobiControl database.

Hybrid integration of SOTI MobiControl Instances (Legacy and SI-integrated)

About this task

Follow the steps mentioned earlier and in the document Integrating Additional SOTI MobiControl Instances.

Procedure

  1. Include both login modes with the respective XMS.
    Add both SOTI XSight login modes
  2. Override the SOTI XSight URL under the legacy integration of SOTI MobiControl.
    Add Secondary XMS URL at Legacy Secondary SOTI MobiControl’s SOTI MobiControl Administration Utility

Deleting a Non-Primary SOTI Identity-SOTI MobiControl Instance Integrated with SOTI XSight

About this task

Follow all the steps in Deleting a Non-Primary SOTI MobiControl Instance Integrated with SOTI XSight.

Procedure

  1. From the SOTI Identity web console and select the primary SOTI MobiControl application.
  2. Select Manage Group and open the Manage MobiControl App group wizard.
  3. Delete the secondary SOTI MobiControl application by selecting the delete icon.
    Delete non-primary SOTI MobiControl under SOTI MobiControl App Group Wizard
  4. Select Update.
    Edit primary Instance at SOTI Identity portal
  5. You cannot delete the primary SOTI MobiControl application until you switch the secondary SOTI MobiControl applications with the primary SOTI MobiControl application.
  6. Remove SOTI Identity integration with the non-primary SOTI MobiControl first, and then delete the associated application from within SOTI Identity.
  7. If integration only one secondary SOTI MobiControl instance, you must remove the entire SOTI Identity integration from that SOTI MobiControl instance (the Delete button does not work).

Limitations With an Additional SOTI MobiControl Instance

Procedure

  1. Enrolling a device enrolled in instance A to instance B still opens a session on instance A in the chat container.
  2. If you do not select Save when setting up additional SOTI MobiControl instances or updating an instance, any changes made are not saved.
    Note: If you do not select Save, you are not prompted to save your changes.
  3. Upgrading SOTI XSight from an earlier version (for example, version 4.3.x to 2024.x) does not update the database values for the non-primary SOTI MobiControl instances in the im_McConnection table.
  4. Using a relative URL when setting up additional SOTI MobiControl instances gives a duplicate instance error.
    Note: This limitation is removed in versions 2024.1.0 and later.

Limitations With an Additional SOTI MobiControl Instance and Integration

Procedure

  1. When SOTI XSight services are stopped, you can see the Assist logo in the SOTI Identity dashboard. This is because as SOTI Identity is using only the SOTI XSight URL from SOTI MobiControl dynamically. The information is not saved on SOTI Identity for SOTI XSight.
  2. If an expired certificate is bound with port 443/custom port, which XMS is using, you can see 404 error in the SOTI XSight dashboard.
  3. With SOTI Identity, you cannot access multiple SOTI MobiControl Management Servers separately. The secondary SOTI MobiControl Management Server must be redirected to the primary SOTI MobiControl Management Server.

Troubleshooting

Procedure

  1. If SOTI MobiControl is not integrated correctly, errors occur in the SOTI Identity web console when assigning user/group to the respective SOTI MobiControl application.
    Error while assigning user/group to the application
  2. When SOTI Identity uses a centralized database, and a SOTI MobiControl application is already created on one of the SOTI Identity portals, then the admin is not allowed to integrate new SOTI MobiControl with new application details.
    Note: This is because SOTI Identity stores VM details as metadata.
    Error if Application is already created and assigned with previous SOTI MobiControl on same VM.