Integrating SOTI Identity and Additional SOTI MobiControl Instances
About this task
- Requirements for SOTI XSight Integration
- Requirements for Additional SOTI MobiControl Instances
- Integration of SOTI Identity with SOTI MobiControl
- Install SOTI XSight with a Single SOTI XSight Management Server
- Install SOTI XSight with Multiple SOTI XSight Management Servers
- Integration of Additional SOTI MobiControl Instances with SOTI Identity
- Hybrid integration of SOTI MobiControl Instances (Legacy and SI-integrated)
- Deleting a Non-Primary SOTI Identity-SOTI MobiControl Instance Integrated with SOTI XSight
- Limitations With an Additional SOTI MobiControl Instance
- Limitations With an Additional SOTI MobiControl Instance and Integration
- Troubleshooting
Note: Additional SOTI MobiControl instances are
                supported in SOTI MobiControl 15.4 and later.
Requirements for SOTI XSight Integration
Procedure
- SOTI Identity (SI), SOTI MobiControl (MC) and SOTI XSight (XS) must all be at version 2024.0 or later.
- SOTI MobiControl can be either on a cloud based virtual machine (VM) or on-premises with an external IP address.
- 
                    The VM must have a secure certificate (for example, LetsEncrypt) and
                            *.sotiqa.com
Requirements for Additional SOTI MobiControl Instances
Procedure
- For SOTI Identity users to access both primary and non-primary SOTI MobiControl data in SOTI XSight, the same SOTI Identity users and user groups should be present on all SOTI MobiControl instances.
- All SQL Server ports (default:1433 and non-default ports) must be open.
Integration of SOTI Identity with SOTI MobiControl
Procedure
Create an application for SOTI MobiControl in the SOTI Identity web console
- Login to the web console
- 
                    From the main menu, select Applications.
                     
- 
                    Select 
                        New Application.
                      
- 
                    Enter the information for the SOTI MobiControl instance, the
                            SOTI Identity administrator. Make note of the generated
                        client ID and secret for the SOTI MobiControl
                        administrator.
                     
Integrate SOTI Identity with
                                SOTI MobiControl
- As SOTI MobiControl administrator, login to the SOTI MobiControl web based console.
- From the main menu, select .
- 
                    Toggle the Enable SOTI Identity button
                            On.
                     
- 
                    Enter the client ID and secret for the app you generated in Step
                        4.
                     
Assign SOTI MobiControl role to SOTI Identity user/group
- 
                    Select Assign User in your SOTI Identity application.
                     
- 
                    Select your user/group
                     
Visibility of the SOTI XSight tile in the SOTI Identity web console
- 
                    From the SOTI XSight web console, you can see the SOTI MobiControl tiles with the associated legacy SOTI Assist tile.
                    Note: This is because SOTI XSight is not yet installed.
Install SOTI XSight with a Single SOTI XSight Management Server
Procedure
- 
                    Install SOTI XSight associated with SOTI Identity integrated SOTI MobiControl.
                     
Enable SOTI Identity
                    authentication from the SOTI XSight web console
- Login to the SOTI XSight web console as administrator.
- From the main menu, select .
- 
                    Enable Use SOTI Identity for user
                        authentication.
                     
- Login to the SOTI Identity web console.
- In the SOTI MobiControl application, select Edit.
- 
                    Add the associated SOTI XSight details to SOTI Identity.
                     
Visibility of the SOTI XSight tile in SOTI Identity web console
- The name of the SOTI XSight tile changes to SOTI XSight's FQDN in the SOTI Identity web console.
Install SOTI XSight with Multiple SOTI XSight Management Servers
Procedure
Installer changes
- 
                    To install a second XDS, use the public URL instead of the host URL. Use
                        the primary URL if the environment does not have a load balancer.
                     
- 
                    From the SOTI MobiControl Integration wizard, use the relative
                            SOTI MobiControl URL, use same Client Id and Client Secret.
                        Do not select Overwrite the default MobiControl connection
                            settings.
                     
- Select Next.
Second SOTI XSight node’s Administration Utility
- 
                    Do not select Override Local Display Service Address
                        for the second SOTI MobiControl Management Server, as SOTI Identity doesn’t support multiple SOTI MobiControl Management Servers.
                     
- 
                    Override the SOTI Assist URL with the second XDS URL
                        details.
                    Note: Follow steps mentioned earlier in Enabling SOTI Identity authentication within SOTI XSight.
- 
                    The SOTI XSight tile is visible in the SOTI Identity console with multiple Management
                        Servers.
                     Note: This is due to enabling Use SOTI Identity for user authentication in Enabling SOTI Identity authentication within SOTI XSight. Note: This is due to enabling Use SOTI Identity for user authentication in Enabling SOTI Identity authentication within SOTI XSight.
Integration of Additional SOTI MobiControl Instances with SOTI Identity
About this task
Procedure
Toggle support for additional SOTI MobiControl
                    instances
- Login to the SOTI XSight web console as administrator.
- From the main menu select .
- 
                    Toggle Enable to support additional MobiControl
                            Instances on.
                     
Configure SOTI XSight Management Server’s login
                    mode
- 
                    Add the XDS FQDN for Management Server (for example,
                            x000068.qaxsight.mobicontrol.cloud).
- In the Login Mode dropdown, select either XSight Login or MobiControl Login. For a SOTI Identity environment, select MobiControl Login to ensure SOTI XSight uses the same login mode as SOTI MobiControl (for example, the SOTI Identity authentication mode).
- Select to add additional login modes.
Adding details to a non-primary SOTI MobiControl
                    instance
- 
                    Select  in Other
                            Instances.
                     
- 
                    Enter the following information in the Add
                            MobiControl panel.
                     Table 1. Instance Details Setting Value Name Enter the name of the non-primary instance to add. The name is reflected on the device search points throughout SOTI XSight (Incident Management, Chat Container and Operational Intelligence). For example, x92. Access URL The URL of the non-primary SOTI MobiControl. Note: For SOTI Identity,/mobicontrolin the URL should be in lowercase as SOTI Identity is case sensitive.Use SOTI Identity for user authentication Toggle off  Table 2. Configure Credentials Setting Value MobiControl Database Server The database server name of the non-primary SOTI MobiControl instance. The SQL instance which hosts the SOTI XSight database must be able to connect to the SQL Server (ports) instance which hosts the secondary SOTI MobiControl database. MobiControl Database Name The name of the non-primary SOTI MobiControl database. For example: MobiControlDB Username The SQL Server username of the user that has full privileges. Password The SQL Server password of the user that has full privileges. 
Save non-primary SOTI MobiControl's database
                    details
- Select Save.
- 
                    Follow the instructions in the Add MobiControl prompt.
                        Complete the following:
                    Select Ok.- Install the root certificate of the added SOTI MobiControl instance on the SOTI XSight server.
- Re-login to SOTI XSight.
  
- 
                    Add the non-primary SOTI MobiControl root certificate to VM
                        where XDS is installed. 
                    Note: If the SOTI XSight installation has more than one XDS instance, you must install the certificate on all XDS instances.
Save and re-start SOTI XSight Display
                    Services.
- Select Save.
Export-Import of non-primary SOTI MobiControl’s root
                    certificate
- RDP into the non-primary SOTI MobiControl instance.
- Open the SOTI MobiControl Administration Utility.
- 
                    Select the Certificates tab.
                     
- 
                    In the Root Certificate Management panel, select
                            Export.
                     
- 
                    Transfer the non-primary SOTI MobiControl root certificate
                        file to the primary XDS server. For example,
                        Root.cert.Note: If SOTI XSight has more than one XDS instance, you must install the certificate on all XDS nodes.
- 
                    On the primary XDS server, double-click on the non-primary SOTI MobiControl root certificate file that you copied
                        over.
                    - Select Install Certificate.  
-  In the Certificate Import Wizard, select
                                    Local Machine and then select
                                    Next.  
- Select Yes.  
- In the Certificate Import Wizard, select
                                    Place all certificates in the following
                                    store and then select Browse.  
- Select the Trusted Root Certification
                                    Authorities certificate store, then select
                                    Ok.  
- In the Certificate Import Wizard, select
                                    Next.  
- In the Certificate Import Wizard, select
                                    Finish.  
- In the Certificate Import Wizard, the message
                                    The import was successful displays.  
 
- Select Install Certificate.
Verify SOTI XSight integration with secondary SOTI MobiControl from the SOTI Identity web
                    console
- In the SOTI MobiControl integration page, toggle SOTI Identity user authentication Off and then On.
- 
                    The associated SOTI XSight details are viewable in the
                        secondary SOTI MobiControl's application details from the SOTI Identity web console. The Manage
                            Group icon of the secondary SOTI MobiControl
                        displays.
                     
Integrate the secondary SOTI MobiControl with the primary
                        SOTI MobiControl from the SOTI Identity web
                    console
- Select Manage Group of the primary SOTI MobiControl.
- 
                    In the Manage MobiControl App Groups panel, enter a
                        unique group name.
                     Note: The group name must be unique within SOTI Identity. You cannot use a name which already exist for another group. Note: The group name must be unique within SOTI Identity. You cannot use a name which already exist for another group.
- 
                    Select  to add a secondary-SOTI MobiControl application.
                     
Token for secondary SOTI MobiControl
- 
                    The secondary SOTI MobiControl’s token is generated within 2
                        hours. SOTI Identity sends it to the primary SOTI MobiControl.
                    Note: The token details are viewable in theSotiOneApplicationtable of the SOTI MobiControl database.
Hybrid integration of SOTI MobiControl Instances (Legacy and SI-integrated)
About this task
Procedure
- 
                     Include both login modes with the respective XDS.
                     
- 
                    Override the SOTI XSight URL under the legacy integration
                        of SOTI MobiControl.
                     
Deleting a Non-Primary SOTI Identity-SOTI MobiControl Instance Integrated with SOTI XSight
About this task
Procedure
- From the SOTI Identity web console and select the primary SOTI MobiControl application.
- Select Manage Group and open the Manage MobiControl App group wizard.
- 
                    Delete the secondary SOTI MobiControl application by selecting
                        the delete icon.
                     
- 
                     Select Update.
                     
- You cannot delete the primary SOTI MobiControl application until you switch the secondary SOTI MobiControl applications with the primary SOTI MobiControl application.
- Remove SOTI Identity integration with the non-primary SOTI MobiControl first, and then delete the associated application from within SOTI Identity.
- If integration only one secondary SOTI MobiControl instance, you must remove the entire SOTI Identity integration from that SOTI MobiControl instance (the Delete button does not work).
Limitations With an Additional SOTI MobiControl Instance
Procedure
- Enrolling a device enrolled in instance A to instance B still opens a session on instance A in the chat container.
- 
                    If you do not select Save when setting up additional
                            SOTI MobiControl instances or updating an instance, any
                        changes made are not saved. 
                    Note: If you do not select Save, you are not prompted to save your changes.
- 
                    Upgrading SOTI XSight from an earlier version (for
                        example, version 4.3.x to 2024.x) does not update the database values for
                        the non-primary SOTI MobiControl instances in the
                            im_McConnectiontable.
- 
                    Using a relative URL when setting up additional SOTI MobiControl instances gives a duplicate instance error.
                    Note: This limitation is removed in versions 2024.1.0 and later.
Limitations With an Additional SOTI MobiControl Instance and Integration
Procedure
- When SOTI XSight services are stopped, you can see the Assist logo in the SOTI Identity dashboard. This is because as SOTI Identity is using only the SOTI XSight URL from SOTI MobiControl dynamically. The information is not saved on SOTI Identity for SOTI XSight.
- If an expired certificate is bound with port 443/custom port, which XDS is using, you can see 404 error in the SOTI XSight dashboard.
- With SOTI Identity, you cannot access multiple SOTI MobiControl Management Servers separately. The secondary SOTI MobiControl Management Server must be redirected to the primary SOTI MobiControl Management Server.
Troubleshooting
Procedure
- 
                    If SOTI MobiControl is not integrated correctly, errors occur
                        in the SOTI Identity web console when assigning user/group
                        to the respective SOTI MobiControl application.
                     
- 
                    When SOTI Identity uses a centralized database, and a SOTI MobiControl application is already created on one of the
                        SOTI Identity portals, then the admin is not allowed to
                        integrate new SOTI MobiControl with new application
                        details.
                    Note: This is because SOTI Identity stores VM details as metadata.