LogoLogo
LogoLogo
  • Welcome
  • Details
  • Editions
  • Use Cases
  • SCEPMAN Deployment
    • Getting Started
      • Standard Guide
      • Extended Guide
    • Azure Sizing
    • Permissions
      • V1.x: Azure App Registration
      • V2.x: Managed Identities
    • Deployment Options
      • Marketplace deployment
      • Enterprise deployment
      • Terraform deployment
    • Root Certificate
    • Uninstallation
  • Architecture
    • Device Directories
    • Private Endpoints
  • Certificate Deployment
    • Microsoft Intune
      • Windows
      • macOS
      • Android
      • iOS/iPadOS
      • Linux
    • Jamf Pro
      • General Configuration
      • Computers
      • Devices
      • Users
    • Certificate Master
      • Certificate Signing Request (CSR)
      • TLS Server Certificate
      • Sub CA Certificate
      • Code Signing Certificate
      • Client Certificate
      • User Certificate
    • Other MDM Solutions
      • Google Workspace
        • ChromeOS
      • Kandji
      • Mosyle
      • SOTI MobiControl
    • Domain Controller Certificates
    • Enrollment REST API
      • Use Cases
        • Intune-managed Linux Client
        • Non-Intune-managed Linux Client
        • Linux Server
        • Windows Server
      • Self Service Enrollment
      • API Enrollment
    • Manage Certificates
  • Advanced Configuration
    • Application Artifacts
    • Application Insights
    • Application Settings
      • Basics
      • Certificates
      • Intune Validation
      • Jamf Validation
      • DC Validation
      • Static Validation
      • Static-AAD Validation
      • Certificate Master
      • Enrollment REST API
      • Microsoft Entra ID (Azure AD)
      • Azure KeyVault
      • CRL
      • OCSP
      • Logging
      • National Cloud platforms
    • Autoscaling
    • Certificate Master Settings
      • Basics
      • Microsoft Entra ID (Azure AD)
      • Logging
      • National Cloud Platforms
    • Certificate Master RBAC
    • Custom Domain
    • Geo-Redundancy
    • Health Check
      • Using 3rd Party Monitoring
    • Intermediate CA
    • License Key
    • Log Configuration
    • Split-Tenancy
    • Update Strategy
  • NAC Configuration
    • Network Access Controllers
  • Other
    • Move SCEPman resources
    • FAQs
      • General
      • Security & Privacy
      • Certificate Connector
      • Intune implementing strong mapping for SCEP and PKCS certificates
    • Troubleshooting
      • Common Problems
      • Certifried Security Vulnerability
      • Cisco ISE Host Header Limitation
      • Intune service discovery API permissions
      • Re-enrollment trigger
    • Important Links
  • Change Log
  • Licensing
    • Azure Marketplace
  • Support
  • SCEPman Website
Powered by GitBook
On this page
  • Enable SOTI MobiControl Integration
  • SOTI MobiControl Configuration
  • Deploy SCEPman RootCA
  • Add Certificate Authority
  • Add Certificate Template

Was this helpful?

  1. Certificate Deployment
  2. Other MDM Solutions

SOTI MobiControl

Last updated 3 months ago

Was this helpful?

This feature requires version 1.6 or above.

SCEPman can be integrated with SOTI MobiControl as a Certificate Authority. By connecting both systems through SCEPman's Static SCEP interface, MobiControl-enrolled devices can obtain device certificates from SCEPman.

For more general information about other MDM solutions and SCEPman integration please check here.

Enable SOTI MobiControl Integration

SOTI MobiControl integration of SCEPman can be easily enabled via the following environment variables on SCEPman app service:

You can differentiate between the SCEPman App Service and the Certificate Master by looking for the App Service without the "-cm" in its name

Setting
Description
Value

Enable the 3rd-party validation

true to enable, false to disable

generate a 32 character password

How many days shall certificates issued via SOTI MobiControl be valid

365

Store requested certificates in the Storage Account, in order to show them in SCEPman Certificate Master

true to enable, false to disable

SOTI MobiControl Configuration

Deploy SCEPman RootCA

First, you need to deploy SCEPman RootCA to all endpoints as a trusted root ca, you can download the certificate from SCEPman homepage:

Add Certificate Authority

  1. In Soti Mobicontrol, navigate to System Settings > Global Settings > Services > Certificate Authority.

  1. Click the Add button to create a new Certificate Authority.

  • Enter a name for this Certificate Authority.

  • Select Generic SCEP for Certificate Type.

  • Select SCEP for Configuration Type.

  • For the Service URL, Copy and Paste the Static MDM URL from your SCEPman Portal.

  • Enable Use Static Challenge.

  • Enter the Static Challenge that was created during Step 2. above.

  • Enable Use SCEP Client.

  • For the Thumbprint Copy and Paste the CA Thumbprint from your SCEPman Portal.

  • Set the Retries and Retry Delay as desired (or leave at Default).

Add Certificate Template

  1. Click the Add button to add a Certificate Template.

  • Enter a name for this MobiControl Template.

  • Enter a Subject Name.

The format for the Subject Name field can only be the following format: “CN=%DEVICENAME%". Clicking the gear selection will display all of the variables that can be used. Be sure to include the “CN=” at the beginning of the entry.

  • Leave Alternative Subject empty.

  • Certificate Target defaults to Device.

  • Select the desired option for the remaining fields: Certificate Usage, Key Size, Remove old certificates upon successful renewal, and Key Protection.

  • Click Add, then Save to save the Template

  1. Click Save to save the Certificate Authority.

  2. Create a Profile in Soti MobiControl to assign this to your devices. There are multiple ways of achieving this in Soti MobiControl, as such, this document will not detail those methodologies.

Certificate signing requests sent to SCEPman for signing are authenticated with this secure static password Recommendation: Store this secret in .

(optional)

(optional)

AppConfig:StaticValidation:Enabled
AppConfig:StaticValidation:RequestPassword
Azure KeyVault
AppConfig:StaticValidation:ValidityPeriodDays
AppConfig:StaticValidation:EnableCertificateStorage
Soti MobiControl Certificate Authority Page
Soti MobiControl Certificate Authority Details
Soti MobiControl Certificate Template Detail