Integrating SOTI Identity and Additional SOTI MobiControl Instances

About this task

This section describes the following topics related to integrating SOTI XSight with SOTI Identity and additional SOTI MobiControl instances.
Note: Additional SOTI MobiControl instances are supported in SOTI MobiControl version 15.4 and later.

Requirements for SOTI XSight Integration

Procedure

  1. SOTI Identity (SI), SOTI MobiControl (MC) and SOTI XSight (XS) must all be at version 2024.0 or later.
  2. SOTI MobiControl can be either on a cloud based virtual machine (VM) or on-premises with an external IP address.
  3. The VM must have a secure certificate (for example, LetsEncrypt) and *.sotiqa.com

Requirements for Additional SOTI MobiControl Instances

Procedure

  1. For SOTI Identity users to access both primary and non-primary SOTI MobiControl data in SOTI XSight, the same SOTI Identity users and user groups should be present on all SOTI MobiControlMobiControl instances.
  2. All SQL Server ports (default:1433 and non-default ports) must be open.

Integration Of SOTI Identity with SOTI MobiControl

Procedure

Create Application for SOTI MobiControl in SOTI Identity Console

  1. Login to the web console
  2. From the main menu, select Applications.

    Application tab at SOTI Identity console

  3. Select New Application.
    New application for SOTI Identity console
  4. Enter the information for the SOTI MobiControl instance, the SOTI Identity administrator. Make note of the generated client ID and secret for the SOTI MobiControl administrator.

    Enter the app details

Integrate SOTI Identity with SOTI MobiControl
  1. As SOTI MobiControl administrator, login to the SOTI MobiControl web based console.
  2. From the main menu, select Global Settings > SOTI ONE > SOTI Identity.
  3. Toggle the Enable SOTI Identity button On.
    Toggle enable SOTI Identity button
  4. Enter the client ID and secret for the app you generated in Step 4.
    Enter the clientID and secret

Assign SOTI MobiControl Role to SOTI Identity- User/Group

  1. Select Assign User in your SOTI Identity application.
    Select Assign User button
  2. Select your user/group
    Select your User/Group

Visibility of SOTI XSight tile in SOTI Identity console

  1. From the SOTI XSight web console, you can see the SOTI MobiControl tiles with the associated legacy SOTI Assist tile.
    Note: This is because SOTI XSight is not yet installed.

Install SOTI XSight with a Single XSight Management Server

Procedure

  1. Install SOTI XSight associated with SOTI Identity integrated SOTI MobiControl.
    XSight associated with MobiControl
Enabling SOTI Identity authentication within SOTI XSight
  1. Login to the SOTI XSight web console as administrator.
  2. From the main menu, select Settings > Integration > MC Integration.
  3. Enable Use SOTI Identity for user authentication.
    XSight: SI user Authentication
  4. Login to the SOTI Identity web console.
  5. In the SOTI MobiControl application, select Edit.
  6. Add the associated SOTI XSight details to SOTI Identity.
    XSight name and URL under MobiControl Application at SOTI Identity portal
Visibility of XSight tile in SOTI Identity Console
  1. The name of the SOTI XSight tile changes to SOTI XSight's FQDN in the SOTI Identity web console.

Install SOTI XSight with Multiple SOTI XSight Management Servers

Procedure

Installer changes
  1. To install a second XMS, use the public URL instead of the host URL. Use the primary URL if the environment does not have a load balancer.
    XSight URL for second XMS
  2. From the SOTI MobiControl Integration wizard, use the relative SOTI MobiControl URL, use same Client Id and Client Secret. Do not select Overwrite the default MobiControl connection settings.
    Details of MobiControl Integration wizard for second XMS
  3. Select Next.

Second MobiControl node’s Admin Utility

  1. Do not select Override Local Management Service Address for the second SOTI MobiControl Management Server, as SOTI Identity doesn’t support multiple SOTI MobiControl Management Servers.
    Override details for Second XMS at MobiControl Admin Utility
  2. Override the SOTI Assist URL with the second XMS URL detailss
    Note: Follow same steps as mentioned above in Enabling SOTI Identity authentication within SOTI XSight.
  3. The SOTI XSight tile is visible in the SOTI Identity console with multiple Management Servers.
    XSight tile after toggling the SI-Auth button
    Note: This is due to enabling Use SOTI Identity for user authentication in Enabling SOTI Identity authentication within SOTI XSight.

Integration of Additional SOTI MobiControl Instances with SOTI Identity

About this task

Integrate SOTI Identity with SOTI MobiControl.

Procedure

Toggle support for additional SOTI MobiControl Instances
  1. Login to the SOTI XSight web console as administrator.
  2. From the main menu select SettingsIntegrationMobiControl Integration.
  3. Enable Enable to support additional MobiControl Instances.
    Enable support for additional MobiControl instances
Configure SOTI XSight Management Server’s Login Mode
  1. Add the XMS FQDN for Management Server (for example, x000068.qaxsight.mobicontrol.cloud).
  2. In the Login Mode dropdown, select either XSight Login or MobiControl Login. For a SOTI Identity environment, select MobiControl Login to ensure SOTI XSight uses the same login mode as SOTI MobiControl ( i.e., the SOTI IdentitySOTI Identity authentication mode).
  3. Select to add additional login modes.
Adding details to a non-primary SOTI MobiControl instance
  1. Select in Other Instances.
    Adding instance details for non-primary MobiControl
  2. Enter the following information in the Add MobiControl panel.
    Instance details
    Table 1. Instance Details
    Setting Value
    Name Enter the name of the non-primary instance to add. The name is reflected on the device search points throughout SOTI XSight (Incident Management, Chat Container and Operational Intelligence).

    For example, x92.
    Access URL The URL of the non-primary SOTI MobiControl.
    Note: For SOTI Identity, "/mobicontrol" in the URL should be in lowercase as SOTI Identity is case sensitive.
    Use SOTI Identity for user authentication Toggle off
    Configure credentials
    Table 2. Configure Credentials
    Setting Value
    MobiControl Database Server The database server name of the non-primary SOTI MobiControl instance. The SQL instance which hosts the SOTI XSight database must be able to connect to the SQL Server (ports) instance which hosts the secondary SOTI MobiControl database.
    MobiControl Database Name The name of the non-primary SOTI MobiControl database.

    For example: MobiControlDB
    Username The SQL Server username of the user that has full privileges.
    Password The SQL Server password of the user that has full privileges.
Save non primary MC’s Database details
  1. Select Save.
  2. Follow the instructions in the Add MobiControl prompt. Complete the following:
    • Install the root certificate of the added SOTI MobiControl instance on the SOTI XSight server.
    • Restart the SOTI XSight Management Service in the Administration Utility.
    • Re-login to SOTI XSight.
    Select Ok.
    Certificate prompt
  3. Add the non-primary SOTI MobiControl root certificate to VM where XMS is installed and restart XMS from the Admin Utility/Services.
    Note: If the SOTI XSight installation has more than one XMS instance, you must install the certificate on all XMS instances and restart these instances.
Save and re-start the SOTI XSight Management Services
  1. Select Save.
  2. The Restart Services panel displays. You must restart the XMS in Admin utility for the changes to take effect.
    Restart services
Export- Import of Non- primary SOTI MobiControl’s Root Certificate
  1. RDP into the non-primary SOTI MobiControl instance.
  2. Open the SOTI MobiControl Admin Utility.
  3. Select the Certificates tab.
    Select the Certificates tab
  4. In the Root Certificate Management panel, select Export.
    Export the root certificate
  5. Transfer the non-primary SOTI MobiControl root certificate file to the primary XMS server. For example, Root.cert.
    Note: If SOTI XSight has more than one XMS instance, you must install the certificate on all XMS nodes.
  6. On the primary XMS server, double-click on the non-primary SOTI MobiControl root certificate file that was copied over.
    1. Select Install Certificate.

      Select install certificate

    2. In the Certificate Import Wizard, select Local Machine and then select Next.

      Select local machine

    3. Select Yes.

      Select yes

    4. In the Certificate Import Wizard, select Place all certificates in the following store and then select Browse.

      Save all certificates to a specified store

    5. Select the Trusted Root Certification Authorities certificate store, then select Ok.

      Select the Trusted Root Certificates Authorities certificate store

    6. In the Certificate Import Wizard, select Next.

      Select next

    7. In the Certificate Import Wizard, select Finish.

      Select Finish

    8. In the Certificate Import Wizard, the message The import was successful displays.

      The import was successful

Verify SOTI XSight integration with secondary SOTI MobiControl in theSOTI Identity web console.
  1. Restart the SOTI XSight services and re-login.
  2. In the SOTI MobiControl integration page, toggle SOTI Identity user authentication Off and then On.
  3. The associated SOTI XSight details are viewable in the secondary SOTI MobiControl's application details from within the SOTI Identity console. The Manage Group icon of the secondary SOTI MobiControl displays.
    Manage Group button of MC application when XSight is integrated.
Integrate the secondary SOTI MobiControl with the primary SOTI MobiControl from the SOTI Identity web console
  1. Select Manage Group of the primary SOTI MobiControl.
  2. In the Manage MobiControl App Groups panel, enter a unique group name.
    Manage group of primary MC
    Note: The group name must be unique within SOTI Identity. You cannot use a name which already exist for another group.
  3. Select to add a secondary-SOTI MobiControl application.
    Adding secondary MC at SI console
Token for Secondary MC
  1. The secondary SOTI MobiControl’s token is generated within 2 hours. SOTI Identity sends it to the primary SOTI MobiControl.
    Note: The token details are viewable in the SotiOneApplication table of the SOTI MobiControl database.

Hybrid integration of MobiControl Instances (Legacy and SI-integrated)

About this task

Follow all of the steps mentioned above and in the document Integrating Additional SOTI MobiControl Instances.

Procedure

  1. Include both login modes with the respective XMS.
    Add both XSight Login modes
  2. Override the SOTI XSightXSight URL under the legacy integration of SOTI MobiControl.
    Add Secondary XMS URL at Legacy Secondary MC’s MCAU

Deleting a Non-Primary SOTI Identity-SOTI MobiControl Instance Integrated with SOTI XSight

About this task

Procedure

  1. Follow all six steps above mentioned in Deleting a Non-Primary SOTI MobiControl Instance Integrated with SOTI XSight
  2. From within the SOTI Identity console and select the primary SOTI MobiControl application.
  3. Select Manage Group and open the Manage MobiControl App group wizard.
  4. Delete the secondary SOTI MobiControl application by selecting the delete icon.
    Delete non-primary MC under MobiControl App Group Wizard
  5. Select Update.
    Edit primary Instance at SI portal
  6. You cannot delete the primary SOTI MobiControl application until you switch the secondary SOTI MobiControl applications with the primary SOTI MobiControl application.
  7. Remove SOTI Identity integration with the non-primary SOTI MobiControl first, and then delete the associated application from within SOTI Identity.
  8. If integration only one secondary SOTI MobiControl instance, you must remove the entire SOTI Identity integration from that SOTI MobiControl instance (the Delete button does not work).

Limitations With an Additional SOTI MobiControl Instance

Procedure

  1. Enrolling a device that was enrolled in instance A to instance B will still open a session on instance A in the chat container.
  2. If you do not select Save when setting up and additional SOTI MobiControl instances or updating an instance, any changes made are not saved.
    Note: If you do not select Save, you are not prompted to save your changes.
  3. Upgrading SOTI XSight from an earlier version (for example, version 4.3.x to 2024.x) does not update the database values for the non-primary SOTI MobiControl instances in the im_McConnection table.
  4. Using a relative URL when setting up additional SOTI MobiControl instances gives a duplicate instance error.
    Note: This limitation is removed in versions 2024.1.0 and later.

Limitations With an Additional SOTI MobiControl Instance and Integration

Procedure

  1. When SOTI XSight services are stopped, you can see the Assist logo in the SOTI Identity dashboard. This is because as SOTI Identity is using only the SOTI XSight URL from SOTI MobiControl dynamically. The information is not saved on SOTI Identity for SOTI XSight.
  2. If an expired certificate is bound with port 443/custom port, which XMS is using, you can see 404 error in the SOTI XSight dashboard.
  3. With SOTI Identity, you cannot access multiple SOTI MobiControl Management Servers separately. The secondary SOTI MobiControl Management Server should be redirected to the primary SOTI MobiControl Management Server.

Troubleshooting

Procedure

  1. If SOTI MobiControl is not integrated properly, errors occur in the SOTI Identity web console when assigning user/group to the respective SOTI MobiControl application.
    Error while assigning user/group to the application
  2. When SOTI Identity uses a centralized database, and a SOTI MobiControl application is already created on one of the SOTI Identity portals, then the admin is not allowed to integrate new SOTI MobiControl with new application details.
    Note: This is because SOTI Identity stores VM details as metadata.
    Error if Application is already created and assigned with previous MC on same VM.