SOTI MobiControl integration guide

The mobile security application detects malicious activity and, depending on the MDM platform, can take local action. When the app is integrated with an MDM, the MDM can perform protective actions in addition to local app actions, resulting in a highly effective protection tool. The SOTI MobiControl integration supports both device synchronization and device actions.

Prerequisite requirements

Integration with SOTI MobiControl requires a connection between the Mobile Security Console and the SOTI MobiControl server.

| Item | Specifics |
| --- | --- |
| SOTI MobiControl App on an MDM Enrolled Device | Release 13.2 and above |
| SOTI MobiControl Console Access | Access to SOTI MobiControl website at: https://yourHost.mobicontrolcloud.com/MobiControl where yourHost is the URL portion provided by SOTI. Release 14.1.7 or later |
| An Administrator Account in SOTI MobiControl Console | You need an administrator login with the user group ‘MobiControl Administrators’ permission allocated. |
| MDM Password | Do not use a colon (:) in the MDM access password field, or use `password` as a password value. |

Device application deployment set up

SOTI MobiControl user with administrator access

Log in to the SOTI MobiControl console and define a user as belonging to the ‘MobiControl Administrator’ user group. To create a SOTI MobiControl administrator with the proper access:

  1. From the main menu, select Users and Console Security.

  2. Click Manage Users.

  3. Enter a username and password for the new administrator.

  4. Select the MobiControl Administrator user group for the user.

Google managed enterprise for MobiControl

For setting up Android devices, these additional setup items are needed before the Device Groups, Application Catalog Rule, or Add Devices rules are created.

Log in to the SOTI MobiControl console and perform these steps:

  1. From the main menu, select Global Settings.

  2. Click the Servers tab at the bottom.

  3. Click the change icon for the ‘Android Enterprise Bindings’.

  4. Click New.

  5. Click Managed Enterprise.

  6. You are then redirected to Google's Managed Enterprise Enrollment page. Fill in any necessary information. Once you complete this setup, you are redirected back to MobiControl.

  7. Click OK to continue.

  8. Enter the Enterprise Name and the email for the administrator and click OK to complete the ‘Android Enterprise Bindings’ setup.

Device groups

Device groups are used to organize and synchronize devices with the Mobile Security Console, and can be organized for different OS domains. Aligning device groups is a good practice.

Set Up User and Device Synchronization in Bitdefender Mobile Security console

To set up the MDM integration in Mobile Security Console:

  1. Log in to Mobile Security console.

  2. Go to the Manage page.

  3. Select Integrations.

  4. Click on Add MDM and select the MDM integration you want to use.

  5. Enter the information pertinent to the UEM integration, as listed in the table, and click Next.

    | Item | Description |
    | --- | --- |
    | URL | URL of the SOTI MobiControl Server which is in this format: https://yourHost.mobicontrolcloud.com where yourHost is the URL portion given to you by SOTI. |
    | Username | The SOTI MobiControl Administrator username that was created and is used to log into the SOTI MobiControl console. |
    | Password | The password of the SOTI MobiControl Administrator that is used to log in to the SOTI console. |
    | MDM Name | The name used in the Mobile Security console to reference this MDM integration. This name is prepended to the group name to form the Mobile Security console group name. |
    | Background Sync | Check this box to ensure users and devices are synchronized with the chosen SOTI MobiControl Device Groups. |
    | Mask Imported Users Information | Check this box to mask personally identifiable information about the user when displayed, such as name or email address. |
    | API key | This is the API key value to connect to your SOTI MDM instance. This must be manually generated and obtained from SOTI. The format of this field is `client_id:client_secret`, where client_id is the client identifier obtained from SOTI, client_secret is the client secret value obtained from SOTI, and the colon is the separator between the two fields. |
    | Send Device Activation email via Mobile Security console for iOS Devices | Check this box to send an email to the user for every iOS device synced with the MDM. |
    | Send Device Activation email via Mobile Security console for Android Devices | Check this box to send an email to the user for every Android device synced with the MDM. |

  6. Click Next and choose the User Group(s) to synchronize. The available groups show up in the Available Device Groups list and can be moved to the Selected Mobile Security Console Groups list by clicking on the plus sign (‘+’). This can be reversed by clicking on the minus sign (‘-’).

  7. Click Next.

  8. Specify the MDM alerts if you want to be notified when there are MDM sync errors. To notify more than one email address, separate the addresses with commas.

  9. Click Finish to save the configuration and start the first synchronization by clicking Sync Now.
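The field formats stated in the step 5 table and in the prerequisites can be checked before the values are typed into the console. The following Python check is an added example, not code from Bitdefender or SOTI; the function name and the sample values are hypothetical, and it enforces only the formats this page states plus one labelled assumption about pasted whitespace.

```python
from urllib.parse import urlsplit


def check_mdm_fields(url, username, password, api_key):
    """Return problems with the Add MDM form values; messages never echo a secret."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("URL: expected https://<yourHost>.mobicontrolcloud.com")
    elif parts.path.strip("/") or parts.query or parts.username:
        # The console is reached at .../MobiControl, but this field takes the
        # server address alone.
        problems.append("URL: server address only, no path, query or credentials")
    if not username.strip():
        problems.append("Username: empty")
    if ":" in password:
        problems.append("Password: contains a colon")
    if password == "password":
        problems.append("Password: is the literal value 'password'")
    client_id, sep, client_secret = api_key.partition(":")
    if not (sep and client_id and client_secret):
        problems.append("API key: expected client_id:client_secret")
    elif api_key != "".join(api_key.split()):
        # Assumption: whitespace picked up when pasting is never part of the key.
        problems.append("API key: contains whitespace")
    return problems


# Constructed sample values, not real credentials.
GOOD_FIELDS = ("https://yourHost.mobicontrolcloud.com", "mtd-sync-admin",
               "constructed-Passphrase-1", "exampleClientId:exampleClientSecret")
BAD_FIELDS = ("https://yourHost.mobicontrolcloud.com/MobiControl", "mtd-sync-admin",
              "pass:word", "exampleClientId exampleClientSecret")

if __name__ == "__main__":
    print(check_mdm_fields(*GOOD_FIELDS) or "all fields match the documented format")
    for problem in check_mdm_fields(*BAD_FIELDS):
        print("fix before saving:", problem)
```
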

Application catalog rule

The application catalog rule defines a collection of the applications that are pushed to the devices. At least one application catalog rule is needed for iOS and one for Android.

To create the application catalog rule, perform these steps:

  1. Select the menu icon and then select Rules.

  2. Select the desired OS, and then right-click on Application Catalog to select the option to Create Application Catalog Rule.

  3. Define at least the GravityZone MTD for deployment on the device:

    1. Provide a name for the rule.

    2. Select Add and select Enterprise Applications for iOS and Managed Google Play Applications for Android.

    3. Provide the path of the IPA or APK file for the GravityZone MTD. The file is then uploaded to the SOTI MobiControl console.

    4. Click Advanced and select the Application Type value. The mandatory value is recommended. See the “About Deployment Options” section for more information.

    5. Click OK twice.

About GravityZone MTD Deployment

To deploy the GravityZone MTD through SOTI MobiControl MDM, use the version of the app available through either the Apple App Store or Google Play Store. Both iOS and Android apps are in their respective public application stores, and it is good practice to deploy the latest application through SOTI MobiControl.

To obtain the application from the public application store, search the appropriate store for GravityZone Security for Mobile App.

To deploy as an internal app, log in to SOTI MobiControl and upload the proper application file (IPA for iOS and APK for Android) under the appropriate application catalog rule. SOTI then distributes the app to the devices.

Configuring device application auto-activation

iOS activation

The GravityZone MTD takes advantage of the application configuration when the app is pushed down to the device. This provides the best user experience, allowing the user to start iOS GravityZone MTD without having to enter any credentials. The application configuration pre-programs iOS GravityZone MTD with the required information. This configuration is performed within SOTI MobiControl: there is a configuration option during the add application step. Alternatively, you can edit the application after it is added.

Use these configuration values.

| Configuration Key | Value Type | Configuration Value | Additional Notes |
| --- | --- | --- | --- |
| MDMDeviceID | String | %DeviceIdentifier% | |
| tenantid | String | Retrieve from Mobile Security Console | Copy the value from the Tenant ID field on the Mobile Security Console Manage page under the General tab. |
| defaultchannel | String | Retrieve from Mobile Security Console | Copy the value from the Default Channel field on the Mobile Security Console Manage page under the General tab. |
| tracking_id_1 | String | Use the desired identifier | (Optional) This is a tracking identifier. |
| tracking_id_2 | String | Use the desired identifier | (Optional) This is a tracking identifier. |
| display_eula | String | no | (Optional) If this key is not used, the default displays the End User License Agreement (EULA). |
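The key set in the table above can be linted before it is entered in SOTI MobiControl, since a misspelled key or a pasted instruction string leaves the app without the values it needs to activate. This Python check is an added example, not vendor code: it validates a key/value set against the table and serializes a clean one as a plist dictionary. The function names and sample values are hypothetical, and exact key spelling is treated as mandatory (an assumption).

```python
import plistlib

# Keys from the table above (all Strings); those not marked (Optional) are required.
REQUIRED = ("MDMDeviceID", "tenantid", "defaultchannel")
OPTIONAL = ("tracking_id_1", "tracking_id_2", "display_eula")
DEVICE_ID_VALUE = "%DeviceIdentifier%"
# Instruction text from the table; pasting it as a value is a mistake.
PLACEHOLDERS = {"Retrieve from Mobile Security Console", "Use the desired identifier"}


def check_app_config(cfg):
    """Return the problems found in a managed app configuration dict."""
    problems = []
    known = {k.lower(): k for k in REQUIRED + OPTIONAL}
    for key, value in cfg.items():
        if key not in known.values():
            # Assumption: keys must match the table's spelling and case exactly.
            hint = known.get(key.lower())
            problems.append(f"unknown key {key!r}" + (f" (use {hint!r})" if hint else ""))
        if not isinstance(value, str):
            problems.append(f"{key}: must be a String, got {type(value).__name__}")
        elif value.strip() in PLACEHOLDERS or not value.strip():
            problems.append(f"{key}: empty, or still the table's instruction text")
    problems += [f"missing key {k!r}" for k in REQUIRED if k not in cfg]
    if cfg.get("MDMDeviceID", DEVICE_ID_VALUE) != DEVICE_ID_VALUE:
        problems.append(f"MDMDeviceID: must be the literal {DEVICE_ID_VALUE!r}")
    if cfg.get("display_eula", "no") != "no":
        problems.append("display_eula: only 'no' is documented; omit the key to show the EULA")
    return problems


def to_plist(cfg):
    """Serialize a clean configuration as an XML plist; refuse a faulty one."""
    problems = check_app_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    return plistlib.dumps(cfg, sort_keys=False).decode("utf-8")


# Constructed sample values; real ones come from the console's Manage page.
GOOD_CONFIG = {"MDMDeviceID": DEVICE_ID_VALUE, "tenantid": "EXAMPLE-TENANT-ID",
               "defaultchannel": "EXAMPLE-DEFAULT-CHANNEL", "display_eula": "no"}
BAD_CONFIG = {"MDMDeviceID": "device-1234", "TenantID": "EXAMPLE-TENANT-ID",
              "defaultchannel": "Retrieve from Mobile Security Console", "display_eula": False}

if __name__ == "__main__":
    print(to_plist(GOOD_CONFIG))
    print("\n".join(check_app_config(BAD_CONFIG)))
```
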

Android activation

Android Enterprise users can use the managed app configuration for activations. Make sure you pass the right device ID value for the configuration parameter. The configuration key variables are the same set as the PLIST variables in the “iOS Activation” section. For Android, ensure that these items are completed:

  • The Android Enterprise bindings are set up.

  • The Application Catalog Rule links to the Managed Google Play Applications.

  • The Add Devices Rule is linked to the Android Enterprise Binding.

  • The configuration keys are set up similarly to iOS keys with the exception of the Android personal profile auto-activation keys and values.