SOTI Pulse Logo

How to use the 'Users' tab during App policy assignment

DL
Daniel LePage
foundationbts

I am attempting to filter the app assignment of some social media apps to specific users across multiple departments.

When I set a 'User Group Target' in the assignment page to 'Include IdP Group Name = Social Media' every device is excluded from the assignment. I am no longer sure I understand what this feature does because every possible combination of properties I've tried would fully exclude all devices.

The devices are associated and enrolled with user authentication and do show the correct 'Member Of' groups in the User details panel of the device.

Is there a way to filter policy assignment using Identity groups instead of creating a new virtual group for every department or doing device specific assignments?

Identity Group User Group Targets filter assignment app assign
5 months ago
SOTI MobiControl
ANSWERS
RC
Raymond Chan Diamond Contributor
5 months ago

You still have to select the device group(s) in which the targeted device(s) are located. The User/User Group filter(s) are LOGICALLY AND with the device/device-group(s) SELECTED to get the final set(s) of device(s) to be assigned the app(s) included in the app policy.   

DL
Daniel LePage
5 months ago

Hi Ray,

I thought this too but I have the whole test group targeted and I am still not able to get the assignment policy to be picked up by the test phone. If I remove the user group target and make no other changes the policy applies.

I tried a new group user target, '[Include IdP Group Name = Social Media Apps] OR [IdP Group Name ≠ Social Media Apps]' which also fails.

I will attempt to test this with Entra instead of SOTI Identity tomorrow to see if it is an issue with the identity provider.

RC
Raymond Chan Diamond Contributor
5 months ago

Have you included (i.e. LOGICAL-AND)  the "IdP Connection Name" with your IdP Group Name "Social Media Apps"  in your filter expression?

DL
Daniel LePage
5 months ago

Target groups: \\Test

User Groups: Include(IdP Connection Name = SOTI Identity) AND (IdP Group Name = Social Media Apps)

The connection name and group name were both auto-prompted by the form so it's not like they aren't recognized or don't exist in MobiControl.

There are 2 target devices in the root of \\Test, one has a user assigned who is a member of 'Social Media Apps' group. Removing the User Group variables makes the apps accessible on both devices. Setting a grouped OR for (IdP Group Name ≠ Social Media Apps) also blocks all assignment.

I could assign on a per device basis or create virtual groups for each department but I'd like to avoid having to make those types of granular changes for every device change and for every limited access app.

E
ENMod
5 months ago

Hey Daniel,

Thanks for posting on SOTI pulse. Thank you Raymond for providing assistance. I can see you have configured the assignment properly. If you're still facing issues with the same, I request you to log a case for the issue so that we can test this more efficiently and get a resolution for the same.

Technical Support, SOTI | Call Us | SOTI.net | Discussion Forum | Log a Case Online

Similar Discussions