How to add Azure Idp in MobiControl

Marius Iversen
Nordic Mobility

Since there is no documentation on how to do this, I thought I’d share it with everyone.

You should add Azure Directory first. See this guide: https://discussions.soti.net/thread/how-to-connect-mobicontrol-with-azure-ad

  • In MobiControl – Global Settings – Services – Identity Provider
  • Download the MobiControl Metadata File
  • Go to Azure AD Portal
  • Enterprise Applications
  • New Application
  • Search for and add MobiControl
  • Set up single sign on – SAML
  • Upload metadata file – upload the MobiControl Metadata File you downloaded from MobiControl
  • Basic SAML Configuration should be like this:
    1. Identifier (Entity ID) - https://%DOMAIN%/mobicontrol
    2. Reply URL - https://%DOMAIN%/mobicontrol/sso/sp/handlelogon
    3. Sign On URL – https://%DOMAIN%/mobicontrol
    4. Logout Url - https://%DOMAIN%/MobiControl/sso/sp/handlelogout

Example:

  1. Identifier (Entity ID) - https://s123456.mobicontrolcloud.com/mobicontrol
  2. Reply URL - https://s123456.mobicontrolcloud.com/mobicontrol/sso/sp/handlelogon
  3. Sign On URL - https://s123456.mobicontrolcloud.com/mobicontrol
  4. Logout Url - https://s123456.mobicontrolcloud.com/MobiControl/sso/sp/handlelogout
  • SAML Signing Certificate
    1. Signing Options – Sign SAML response and assertion
    2. Signing Algorithm – SHA-256
  • Go to Azure AD Portal
  • App Registrations
  • Find MobiControl – if you do not see it, check under All Applications
  • Manifest
  • Search for “Group Membership Claims” – the value should be “1” with the “
  • Go to Azure AD Portal
  • Enterprise Applications
  • MobiControl
  • Set up Single Sign On
  • SAML Signing Certificate
  • Download Federation Metadata XML
  • Go to MobiControl
  • Global settings – Services – Identity Provider
  • Select +
    1. Name – can be anything
    2. Idp Metadata File – upload the Metadata XML you just downloaded
    3. Group Settings – Group From – Directory – add your directory
  • Save

Testing:

  • Create a new iOS Enrolment
  • User Enrolment
  • Accounts Federated by Microsoft Azure AD – select the directory you just created
  • Based on group membership
  • Select the Azure Idp and search for a group. If you find it, you're good to go.
3 years ago
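Added example, not from the post or from SOTI: a small Python check that the MobiControl metadata file you download in the first steps carries the same Identifier (Entity ID), Reply URL and Logout Url that the Basic SAML Configuration above expects for your host, and that it asks for signed assertions (the IdP side is set to sign both response and assertion). The metadata sample is constructed for the s123456 example host; a real export may contain more elements.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Constructed sample SP metadata, shaped like the file the "Download the
# MobiControl Metadata File" step produces (not a real MobiControl export).
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://s123456.mobicontrolcloud.com/mobicontrol">
  <md:SPSSODescriptor WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://s123456.mobicontrolcloud.com/MobiControl/sso/sp/handlelogout"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://s123456.mobicontrolcloud.com/mobicontrol/sso/sp/handlelogon"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def expected_saml_config(domain):
    """Basic SAML Configuration values from the post, filled in for one host."""
    base = "https://" + domain
    return {
        "Identifier (Entity ID)": base + "/mobicontrol",
        "Reply URL": base + "/mobicontrol/sso/sp/handlelogon",
        "Logout Url": base + "/MobiControl/sso/sp/handlelogout",
    }


def check_sp_metadata(xml_text, domain):
    """Compare the SP metadata with the values Azure should be given.

    Returns {field: (expected, found, matches)}, plus a
    "WantAssertionsSigned" entry so unsigned-assertion setups stand out.
    """
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    acs = sp.find("md:AssertionConsumerService", NS) if sp is not None else None
    slo = sp.find("md:SingleLogoutService", NS) if sp is not None else None
    found = {
        "Identifier (Entity ID)": root.get("entityID"),
        "Reply URL": acs.get("Location") if acs is not None else None,
        "Logout Url": slo.get("Location") if slo is not None else None,
    }
    report = {f: (exp, found[f], found[f] == exp)
              for f, exp in expected_saml_config(domain).items()}
    signed = sp is not None and sp.get("WantAssertionsSigned") == "true"
    report["WantAssertionsSigned"] = ("true", str(signed).lower(), signed)
    return report
```

Run `check_sp_metadata(open("metadata.xml").read(), "yourhost")` against your own export and any field whose third value is False is what to fix before uploading the file to Azure.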
ANSWERS
Marius Iversen
3 years ago

I forgot one thing - you have to add a user group to the Enterprise Application. The user group should be a group of users that will use Idp for logging into MobiControl.

Also - you have to enable Identity Providers as authentication. Do this by going to Global Settings - Console Settings - Authentication Options, enable Identity Providers and select the Idp you just created.