Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
Managing Configurations
Using Profiles
Profile Configurations
Profile Configurations By Category
Security Profile Configurations
Single Sign-on
Configuring Microsoft Authenticator Single Sign-On (iOS/ iPadOS)
Set up Microsoft Authenticator SSO on iOS or iPadOS devices to streamline sign-in across Microsoft Authentication Library (MSAL) apps, such as Microsoft Teams or Outlook.
Deploy the Microsoft Authenticator SSO Payload and Application (iOS/ iPadOS)
Deploy the Microsoft Authenticator SSO payload and required apps to enable seamless sign-in on iOS/iPadOS devices.

Welcome to SOTI MobiControl 2025.1 Help
SOTI MobiControl is an enterprise mobility management solution designed to help you efficiently manage your organization's devices. Use the SOTI MobiControl Help Center to explore its full range of features.
What's New in SOTI MobiControl
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Managing Users
- Managing Devices
- Managing Configurations
  - Using Profiles
    - Creating a Profile
    - Assigning a Profile
    - Editing Profile Access Permissions
    - Editing a Profile
    - Deleting a Profile
    - Cloning a Profile
    - Viewing Profile Assignments
    - Viewing Profile History
    - Viewing Profile Logs
    - Revoking a Profile
    - Reinstalling a Revoked Profile
    - Disabling a Profile
    - Exporting Profiles
    - Importing Profiles
    - Managing Profiles Queue
    - Downloading a Profiles List
    - Emailing a Profiles List
    - Profile Configurations
      - Profile Configurations By Category
        Security Profile Configurations
        Antivirus Protection
        Authentication
        BitLocker
        Certificate Transparency
        Certificates
        Factory Reset Protection
        File Encryption
        FileVault
        KNOX Container
        Out of Contact
        Passcode
        SCEP
        Security and Privacy
        Single Sign-on
        Imprivata Mobile Device Access | Single Sign On (Android)
        Use the Imprivata Mobile Device Access profile to create custom connections to LDAP directories and set up Single Sign On authentication for your Android devices without using the console/configurations/advancedconfigurations/shareddevice/configure_app_authenticator.html feature.
        Single Sign on (macOS)
        Single Sign-On for Android with SOTI Identity
        Configuring Extensible Single Sign-On (iOS/ Shared iPad User)
        Configuring Kerberos Extensible Single Sign-On (iOS/ Shared iPad User)
        Configuring Kerberos Single Sign-On (iOS)
        Configuring Microsoft Authenticator Single Sign-On (iOS/ iPadOS)
        Set up Microsoft Authenticator SSO on iOS or iPadOS devices to streamline sign-in across Microsoft Authentication Library (MSAL) apps, such as Microsoft Teams or Outlook.
        Assigning User Licenses In Microsoft Entra ID/Azure AD
        This procedure describes how to assign licenses in Microsoft Entra ID/Azure AD for use with Single Sign On (SSO) using Microsoft Authenticator.
        Add a Microsoft Authenticator SSO Payload (iOS/iPadOS)
        Connect Microsoft Entra ID for Microsoft Authenticator SSO (iOS/ iPadOS)
        Set up a trusted connection between SOTI MobiControl and Microsoft Entra ID to support device registration and Single Sign-On (SSO) for Microsoft apps.
        Configure Conditional Access for Microsoft Authenticator SSO (iOS/iPadOS)
        Integrate Microsoft Conditional Access to enforce sign-in policies and validate Single Sign-On (SSO) compliance through your Microsoft Entra ID tenant.
        Define Extensible SSO for Microsoft Authenticator SSO (iOS/ iPadOS)
        Add Microsoft URL prefixes to the Extensible Single Sign-On (SSO) configuration so the Microsoft Authenticator app can detect and process authentication requests for supported Microsoft services.
        Deploy the Microsoft Authenticator SSO Payload and Application (iOS/ iPadOS)
        Deploy the Microsoft Authenticator SSO payload and required apps to enable seamless sign-in on iOS/iPadOS devices.
        Register Devices for Microsoft Authenticator SSO (iOS/ iPadOS)
        Register iOS/ iPadOS devices with Microsoft Entra ID to enable automatic sign-in to Microsoft Authentication Library (MSAL) apps using Microsoft Authenticator Single Sign-On (SSO).
        Configuring Microsoft Authenticator SSO (Android)
        Set up Microsoft Authenticator SSO on Android devices to streamline sign-in across Microsoft Authentication Library (MSAL) apps, such as Microsoft Teams or Outlook.
        System Update Policy
        CIS Benchmarks
        Microsoft Security Baselines
        Restrictions Profile Configurations
        Email, Contact, and Calendar Profile Configurations
        Connectivity Profile Configurations
        Other Profile Configurations
        SOTI Apps Profile Configurations
      - Profile Configurations By Platform
    - Declarative versus Reactive Profiles
  - Using Advanced Configurations
  - Using Settings Manager
- Managing Applications
- Managing Data
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
Cloud Link Agent
Glossary
Notices

Deploy the Microsoft Authenticator SSO Payload and Application (iOS/ iPadOS)

Deploy the Microsoft Authenticator SSO payload and required apps to enable seamless sign-in on iOS/iPadOS devices.

Before you begin

Ensure that you have completed the following configuration steps:

About this task

This is the fifth step in configuring Microsoft Authenticator Single Sign-On (SSO) for your iOS/ iPadOS devices. See Configuring Microsoft Authenticator Single Sign-On (iOS/ iPadOS).

In this step, you assign the configured SSO payload and deploy the Microsoft Authenticator app, along with any Microsoft Authentication Library (MSAL) apps that require SSO support.

Procedure

After configuring the Microsoft Authenticator SSO payload, assign the profile to your target iOS/ iPadOS devices. See Assigning a Profile.
A prompt appears, asking you to deploy the Microsoft Authenticator application.
Create an iOS/ iPadOS app policy that includes the Microsoft Authenticator app and any MSAL apps that will use SSO. See Using App Policies for instructions.
In the app policy settings for the Microsoft Authenticator application, configure the following:
- Set the deployment type to Mandatory.
- Enable Prevent removal of app by device user.
Important: You must also deploy the SOTI MobiControl iOS/iPadOS agent as a mandatory application and prevent users from removing it.

Results

The Microsoft Authenticator SSO configuration and the required applications successfully deploy to your iOS/iPadOS devices.

What to do next

Complete the configuration by registering devices with Microsoft Authenticator SSO. See Register Devices for Microsoft Authenticator SSO (iOS/ iPadOS).