Console Security
Use the Console Security dialog box to manage user security settings for the SOTI MobiControl console. You can control access to the console, integrate LDAP groups, and link SOTI MobiControl to your identity providers.
The Console Security dialog box is divided into four tabs:
Access Control Policies
The Access Control Policies tab governs the user access settings for the console. You can set password complexity requirements, determine how many times a user is allowed to attempt a login before they are locked out, and allow users to change or reset their passwords.
| Lock accounts after x failed logins | When enabled, console users are locked out of their console account if they fail to log into their account more than the specified number of attempts. |
| Account password expires after x days | When enabled, console users must change the password for their SOTI MobiControl account according to the number of days specified. The new password cannot match the previous password.
Two weeks prior to password expiration, users will be prompted to update their password on every login. If users fail to update password, prior to expiration, they won't be allowed to sign into SOTI MobiControl until the password has been updated. |
| Allow users to change their account password | When enabled, console users can choose their own passwords for their account. SOTI MobiControl console administrators will still be able to see passwords on the Security tab. |
| Limit users to a single concurrent session | When enabled, console users can only have one active session at a time. An existing SOTI MobiControl session will terminate immediate if a user initiates a new session elsewhere. |
| User passwords must meet the following complexity requirements | When enabled, you can set a minimum level of complexity for user passwords to encourage security when accessing the console. Complexity requirements can be based on password length or mandatory character types. |
| Apply complexity requirements to Android Device Administrator Password | When enabled, any complexity requirements specified here also apply to the Device Administrator password configured through the Android Plus Authentication profile configuration.
User passwords must meet the following complexity requirements must be enabled to apply this setting. |
| Must be at least x characters long | Passwords must be the specified length or longer |
| Must contain at least one digit | Password must contain at least one of 1 2 3 4 5 6 7 8 9 0 |
| Must contain at least one upper case letter | Password must contain one or more upper case letters |
| Must contain at least one punctuation symbol | Password must contain one or more punctuation symbol |
| Must contain at least one lower case letter | Password must contain one or more lower case letters |
LDAP Integration
Click Manage to open the Directory Service Configuration dialog box in which you can integrate directory service groups with SOTI MobiControl. When you integrate your directory service groups with SOTI MobiControl you can leverage an existing set of credentials for authentication within SOTI MobiControl and to enroll your devices.
See Managing Directory Service Connections for more information.
SAML SSO
You can incorporate SOTI MobiControl into your single sign on (SSO) solution to provide a single entry point for your users. SOTI MobiControl supports SAML 2.0 identity providers (IdPs). Select Enable SSO and choose an existing IdP connection from the drop-down list, or click the Manage button to configure a new IdP connection in the Identity Provider COnfiguration dialog box.
See Managing Identity Provider Connections for more information.
Endpoint Authentication
Configure authentication settings for other SOTI MobiControl endpoints such as the Self Service Portal and the iOS Profile Catalog.
If you are using LDAP or IdP groups for authentication, see Managing Directory Service Connections or Managing Identity Provider Connections to learn how to configure your groups.