Okta IdP integration with SOTI MobiControl


Summary

This article explains how to set up Single Sign-On (SSO) for the web console by integrating Okta IdP with SOTI MobiControl.

Related SOTI ONE Platform Products

SOTI MobiControl

Situation

These steps enable single sign-on (SSO) with Okta IdP for logging in to the SOTI MobiControl web console as an alternative to signing in with local accounts or SOTI Identity.

Environment

The integration is compatible with:

  • SOTI MobiControl 15.2.0 or later.
  • Okta Identity Engine 2020.07.0 or later.

Process Description

Pre-requisite

Before beginning the integration process, obtain the necessary files from the SOTI MobiControl web console:

1. Log in to the SOTI MobiControl web console.

2. Navigate to Main menu > Global Settings > Services > Identity Provider.

3. Download the MobiControl Metadata File and MobiControl IdP Certificate.

Note: The MobiControl Metadata File contains essential information. When opened in a text editor, verify the underlined fields.
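The Okta setup later in this article copies the entityID and AssertionConsumerService Location values from this metadata file by hand. The following added example (not SOTI or Okta code) reads a SAML service-provider metadata file and returns those two values along with basic sanity checks; the sample XML, its host name and paths, and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; host name and paths are placeholders, not real MobiControl output.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://mc.example.test/MobiControl">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://mc.example.test/MobiControl/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def okta_values_from_sp_metadata(xml_data):
    """Extract the two values Okta asks for and list anything to fix first."""
    root = ET.fromstring(xml_data)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: not service-provider metadata")
    endpoints = [(e.get("Binding"), e.get("Location"))
                 for e in sp.findall(MD + "AssertionConsumerService")]
    if not endpoints:
        raise ValueError("no AssertionConsumerService element")
    # Okta delivers the SAML response by HTTP POST, so prefer that binding.
    post = [loc for binding, loc in endpoints if binding == HTTP_POST]
    sso_url = (post or [loc for _, loc in endpoints])[0]
    problems = []
    if not post:
        problems.append("no HTTP-POST AssertionConsumerService binding declared")
    url = urlparse(sso_url or "")
    if url.scheme != "https" or not url.hostname:
        problems.append(f"ACS Location is not an https URL: {sso_url}")
    if not root.get("entityID"):
        problems.append("entityID is missing or empty")
    return {"audience_uri": root.get("entityID"), "sso_url": sso_url,
            "problems": problems}


if __name__ == "__main__":
    for key, value in okta_values_from_sp_metadata(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

To check a downloaded file, pass its bytes, for example `okta_values_from_sp_metadata(open(path, "rb").read())`. The `audience_uri` value goes into Audience URI (SP Entity ID) and `sso_url` into Single sign-on URL.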

This integration has two parts:

  • Configuring Okta
  • Configuring SOTI MobiControl

 

Configuring Okta

SAML Application Setup

1. Log in to your Okta account and access the admin console.

2. Navigate to Applications > Applications > Create App Integration.

3. Select SAML 2.0 as the sign-in method and select Next.

4. Provide an App name and, if desired, upload a custom logo, then click Next.

5. For the Single sign-on URL, input the AssertionConsumerService Location value from the metadata file. 

6. Ensure the checkbox for Use this for Recipient URL and Destination URL remains checked.

7. Update the Audience URI (SP Entity ID) with the entityID value from the metadata file.

8. Set the Name ID format to EmailAddress and the Application username to Email.

9. Under Group Attribute Statements (optional), add a Matches regex filter for Groups with the following value:

.*

 

10. Click Next and then Save to complete the setup.

11. View the SAML setup instructions by selecting the newly added Application (e.g., “MobiControl”) and navigating to Sign On > View SAML setup instructions.

Assigning the SAML application

(Optional) If necessary, add a new group in Okta by navigating to Directory > Groups and selecting Add Group. Then select Save.

1. Navigate to the Assignments tab of the application.

2. Locate the group's name and select Assign next to it.

 

Configuring SOTI MobiControl

Identity Provider Addition

1. On the SOTI MobiControl web console, navigate to Global Settings > Services > Identity Provider.

2. Select +(Add) to add a new Identity Provider and enter the IdP Entity ID, IdP URL, and Certificates from Okta.

3. Select IdP as the Group From value.

4. Set the List Attributes to Groups, then select Save.

Group and Role Assignment

1. Navigate to Main Menu > Users and Permissions. Select Groups, then select +(Add) to add the Okta directory group.

2. Add the Okta Group and assign the appropriate role (e.g., MobiControl Administrators).

Enabling SSO

1. Navigate to Global Settings > Console Settings, and select Identity Providers as the Authentication Type.

2. Select the Okta integration created earlier and Save.

Note: Upon saving, the web console will log you out and redirect you to the Okta portal for SSO login.
