Identity Provider Manager
Identity provider (IdP) connections provide SOTI MobiControl access to your identity provider. These connections are used for user authentication, device enrollment, and security configuration.
Use the Identity Provider Manager dialog box to add an identity provider (IdP) connection to SOTI MobiControl.
You can download the SOTI MobiControl metadata file to your computer.
IdP Settings
Name | Enter a name for this IdP connection in SOTI MobiControl. |
IdP Metadata File | Click Import to upload your IdP's metadata file to SOTI MobiControl. This file contains information necessary to create a link between your IdP and SOTI MobiControl. You can fill in the rest of the settings manually if you do not have an IdP metadata file. |
IdP Entity ID | Enter the globally unique identifier for the SAML IdP. The IdP Entity ID should be obtained from your IdP administrator. |
IdP URL | Enter the IdP SSO login URL. SOTI MobiControl uses this URL to initiate the SSO login sequence. The IdP URL should be obtained from your IdP administrator. Note: SOTI MobiControl supports only HTTP-POST binding. |
Logout URL | [Optional] Enter a URL that users are redirected to when they log out of the SOTI MobiControl console and Self Service Portal. If a Logout URL is not provided, users are redirected to a default logoff page. Note: SOTI MobiControl does not support single logout (SLO). |
Certificate | Click Browse to upload the root certificate used by your IdP. Your certificate must be in either DER-encoded binary X.509 or Base64-encoded X.509 format. Note: SOTI MobiControl supports a single certificate per IdP. |
Group Settings
Directory | Choose a directory from the drop-down list. If you do not have any directories configured, see Managing LDAP Connections for information on setting one up. |
IdP | Enter a List Attribute and, optionally, a List Delimiter. A List Attribute is an assertion attribute in the incoming SAML authentication response that contains groups. A List Delimiter splits up attribute values into multiple values. If a delimiter is not set, it is assumed that the attribute value contains multiple XML nodes, each one a different group name. SOTI MobiControl uses these Group Attributes to authorize users. Make sure that you have created these attribute values in your IdP and assigned them to users. You also need to provide the values in the Attribute Statement section of the assertion response so they can be matched against the defined IdP User groups to determine access rights for the user. |
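
The two group-attribute shapes described above can be checked offline before you rely on them for authorization. The following is an added example, not SOTI MobiControl code: the attribute name `groups`, the `;` delimiter, the group names, whitespace trimming and exact-match comparison are all assumptions, and the fragments are constructed rather than captured from a real IdP.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed AttributeStatement fragments (signature checking is out of scope here).
MULTI_NODE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>MC-Admins</saml:AttributeValue>
    <saml:AttributeValue>MC-Helpdesk</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

DELIMITED = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>MC-Admins; MC-Helpdesk;</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def extract_groups(statement_xml, list_attribute, list_delimiter=None):
    """Return the group names carried in `list_attribute`.

    Without a delimiter, each AttributeValue node is treated as one group.
    With a delimiter, every node's text is split on it. Surrounding
    whitespace is trimmed and empty entries are dropped (assumption).
    """
    root = ET.fromstring(statement_xml)
    groups = []
    for attr in root.findall("saml:Attribute", NS):
        if attr.get("Name") != list_attribute:
            continue
        for value in attr.findall("saml:AttributeValue", NS):
            text = value.text or ""
            parts = text.split(list_delimiter) if list_delimiter else [text]
            groups.extend(p.strip() for p in parts if p.strip())
    return groups


def authorized_groups(groups, idp_user_groups):
    """Keep only groups that exactly match a defined IdP user group (assumption)."""
    defined = set(idp_user_groups)
    return [g for g in groups if g in defined]
```

If the IdP sends a delimited string but no List Delimiter is configured, the whole string is read as a single group name and matches no defined group, so the user receives no access rights from it.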