Authenticating Windows Modern Devices Using SOTI Identity

Before you begin

Tip: Assign an Authentication payload before configuring the SOTI Identity Login payload to manage password complexity and failed login attempts.
  1. Configure SOTI Identity in Global Settings.
  2. Assign SOTI Identity users to the SOTI MobiControl application in the SOTI Identity portal.
  3. Ensure devices have internet connectivity for the initial login and authentication.

About this task

The SOTI Identity Login configuration payload in a Windows Modern profile simplifies authentication by leveraging SOTI Identity, eliminating the need for Entra ID services or local user accounts. Administrators can configure Windows Modern devices to authenticate using SOTI Identity with features such as customized login tiles, password synchronization, and offline login support. See Login (Windows Modern) for details. This process involves:
  1. Obtaining and Deploying the SOTI Identity Root Certificate.
  2. Assigning the SOTI Identity Login Profile Configuration.

Obtaining and Deploying the SOTI Identity Root Certificate

Procedure

  1. Open a browser and navigate to the SOTI Identity IdP URL.
  2. Select View Site Information next to the URL, then Connection is Secure.
  3. Select Certificate is valid.
    Checking the validity of a page's certificate
  4. Select Export to export the certificate in .crt format.
    Exporting the certificate.
  5. Rename the exported file so that it has the .cer extension.
  6. In the SOTI MobiControl web console, create a Windows Modern profile with the Root Certificates payload to deploy the certificate to your Windows Modern devices. See Creating a Profile and Root Certificates.
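
Before building the Root Certificates payload in step 6, it is worth confirming that the file exported in steps 4 and 5 is a self-issued CA certificate within its validity period, and recording its SHA-256 fingerprint for comparison with the value shown in the browser's certificate viewer. The PowerShell below is an added example, not part of the SOTI documentation; the file name and the function name Test-RootCertificateFile are assumptions.

```powershell
# Added example: pre-deployment check of an exported certificate file.
param(
    [string]$Path = '.\soti-identity-root.cer'   # hypothetical file name (assumption)
)

function Test-RootCertificateFile {
    param([Parameter(Mandatory)][string]$Path)

    $full = (Resolve-Path -LiteralPath $Path).Path
    # X509Certificate2 loads both DER and Base64 (PEM) encoded certificate files.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $full

    # A root certificate is self-issued: subject and issuer names are identical.
    $selfIssued = $cert.Subject -eq $cert.Issuer

    # Basic Constraints (OID 2.5.29.19) must mark the certificate as a CA.
    $bc = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] } |
        Select-Object -First 1
    $isCa = [bool]($bc -and $bc.CertificateAuthority)

    # The certificate must be inside its validity window today.
    $now = Get-Date
    $inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    # SHA-256 over the DER bytes, formatted like a browser fingerprint.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $hash = $sha.ComputeHash($cert.RawData) } finally { $sha.Dispose() }
    $fingerprint = [System.BitConverter]::ToString($hash) -replace '-', ':'

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        SelfIssued    = $selfIssued
        IsCA          = $isCa
        NotAfter      = $cert.NotAfter
        InValidity    = $inValidity
        Sha256        = $fingerprint
        LooksLikeRoot = $selfIssued -and $isCa -and $inValidity
    }
}

$result = Test-RootCertificateFile -Path $Path
$result | Format-List
if (-not $result.LooksLikeRoot) {
    Write-Warning 'Not a currently valid, self-issued CA certificate. Re-export the top certificate of the chain before deploying.'
}
```

The subject and issuer comparison does not verify the certificate's signature, so treat the fingerprint match against the browser's certificate viewer as the authoritative check.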

Assigning the SOTI Identity Login Profile Configuration

Procedure

  1. Create or edit a Windows Modern profile and select SOTI Identity Login as the profile payload. See Creating a Profile and Editing a Profile.
  2. Ensure Enable login using SOTI Identity is toggled on (default) to allow authentication via SOTI Identity or a directory integrated with it.
  3. Toggle on Enable offline login to allow users to log in when SOTI Identity is unreachable.
    Note: If SOTI Identity is unavailable and offline login is disabled, users receive a "Make sure your device is connected to the internet and try again" error. If offline login is enabled, users can authenticate successfully even without an internet connection.
  4. Configure the Maximum days option to define how long users can authenticate offline.
    Note: When more than one profile with this payload is assigned, the most restrictive configuration takes precedence.
  5. Assign the profile to the relevant devices or groups. See Assigning a Profile.

Results

  • Windows Modern device users see a customized login tile for seamless SOTI Identity authentication.
  • Offline login works as configured, allowing authentication without an internet connection.

What to do next

Test the deployment by authenticating using SOTI Identity to verify login functionality.