SOTI Pulse Logo

Issue after setting up SSO with OKTA

Solved Locked
D
Daniel
Helmerich & Payne

We just started using SOTI MC a month ago to allow for remote training and support to be possible on field personnel's company devices. My company has requested that our on prem Soti Mobi Control be accessible through OKTA for the support users. I have opened a ticket a couple weeks ago when our SSO admin was having issues configuring it in the web consol. I haven’t had much luck support wise with that subject(but some luck in other areas). So after getting another “has this been resolved yet” email, we decided to just try using what little info is in the guide. That was a mistake. The moment the “Enable SSO” box was checked and “OK” was pressed we were all kicked. I immediately responded to the ongoing email chain with Soti on the case regarding our SSO setup, got a response a day later, but only asking if the issue was resolved or not.

(Update)I just received another response from support. They stated that I had several issues and a case needed to be made for each one. The original issue regarding the SSO(SAML) was replaced with one of the latter issues. I’ll have to open another case with support to have someone else start helping with the SSO issue.

TLDR: SSO was activated but not configured properly, and now no one can log into the system to turn SSO off. Not sure what else we can do to recover the system.

Anyone know what options we may have to get this back to a usable state? Chances are I won’t have access to do anything on the server or database side(I will have to speak to the departments instead), but if I knew what to say and ask for, that would help alot.

On a side note, does support from Soti get better if you pay for Enterprise support? I am still trying to justify the extra expense to the bosses.

sso locked-out saml single-sign-on okta
Edited 7 years ago
SOTI MobiControl
ANSWERS
S
SMod@Soti
7 years ago (edited 7 years ago)

Hi Daniel,

I do see that you have several cases opened regarding SSO setup for MobiControl. I have brought this issue up internally and the assigned agent will reach out to yourself shortly.

Once SSO is enabled, if MobiControl MS fails to connect to the SSO server, it will not present a valid login page.

To get around this issue, you can add "?nosso=true" next to your MobiControl server FQDN to manually disable SSO for that one logon request. For eg:

https://www.yourserverFQDN.com/MobiControl?nosso=true

Using this parameter you should be able to get to the MobiControl login page and use a local MobiControl account to login and then disable SSO for the moment.

If the above method fails, please let me know and I will have the right resource reach out to you to help you disable SSO from the MobiControl database.

Can you please provide more details on exactly what issues are you facing regarding SSO setup? If this includes any personal information about your SSO server environment, please feel free to send me a private message.

Enterprise Support provides dedicated senior level resource to your account and all the reported issues and queries are handled by the same resource. More information on Enterprise level support can be found here:
https://www.soti.net/services/enterprise-support/

Please let me know if you have any further questions.

Thanks

Solution
D
Daniel
7 years ago

Awesome! That got us in. Is that mentioned in the guide, or is that a known command for this sort of thing?

I'll PM you more details; but in short,  I think the info requested and given in SOTI does not completely match the info requested and given through our SSO. The guide didn’t clarify it for our admin, so info that was imported was either not correct or not complete. I'm sure it is an easy fix, just requires understanding of what is needed in terms that each system can understand. As I do not have access to any of the SSO info, I will have to defer to our SSO admin to more accurately explain what we are working with. So I'll PM you what he says once I am able to setup a meeting with him.

Thank you again for your quick help on this.

S
SMod@Soti
7 years ago

Glad to hear that you are able to access the MobiControl console now.

This is not mentioned in the online help documentation, but I have contacted the documentation team to include it on the help file.

Please feel free to PM me the details and I can assist you from there.

Thanks!

Similar Discussions