SOTI MobiControl

SCEPman can be integrated with SOTI MobiControl as a Certificate Authority. By connecting both systems through SCEPman's Static SCEP interface, MobiControl-enrolled devices can obtain device certificates from SCEPman.

For more general information about other MDM solutions and SCEPman integration please check here.

Enable SOTI MobiControl Integration

SOTI MobiControl integration of SCEPman can be easily enabled via the following app configurations:

Setting	Description	Value
AppConfig:StaticValidation:Enabled	Enable the 3rd-party validation	true to enable, false to disable
AppConfig:StaticValidation:RequestPassword	Certificate signing requests sent to SCEPman for signing are authenticated with this secure static password Recommendation: Store this secret in Azure KeyVault.	generate a 32 character password
AppConfig:StaticValidation:ValidityPeriodDays (optional)	How many days shall certificates issued via SOTI MobiControl be valid	365
AppConfig:StaticValidation:EnableCertificateStorage (optional)	Store requested certificates in the Storage Account, in order to show them in SCEPman Certificate Master	true to enable, false to disable

Setting

Description

Value

AppConfig:StaticValidation:Enabled

Enable the 3rd-party validation

true to enable, false to disable

AppConfig:StaticValidation:RequestPassword

Certificate signing requests sent to SCEPman for signing are authenticated with this secure static password Recommendation: Store this secret in Azure KeyVault.

generate a 32 character password

AppConfig:StaticValidation:ValidityPeriodDays (optional)

How many days shall certificates issued via SOTI MobiControl be valid

365

AppConfig:StaticValidation:EnableCertificateStorage (optional)

Store requested certificates in the Storage Account, in order to show them in SCEPman Certificate Master

true to enable, false to disable

SOTI MobiControl Configuration

Add Certificate Authority

In Soti Mobicontrol, navigate to System Settings > Global Settings > Services > Certificate Authority.

Click the Add button to create a new Certificate Authority.

Enter a name for this Certificate Authority.
Select Generic SCEP for Certificate Type.
Select SCEP for Configuration Type.
For the Service URL, Copy and Paste the Static MDM URL from your SCEPman Portal.
Enable Use Static Challenge.
Enter the Static Challenge that was created during Step 2. above.
Enable Use SCEP Client.
For the Thumbprint Copy and Paste the CA Thumbprint from your SCEPman Portal.
Set the Retries and Retry Delay as desired (or leave at Default).

Add Certificate Template

Click the Add button to add a Certificate Template.

Enter a name for this MobiControl Template.
Enter a Subject Name.

The format for the Subject Name field can only be the following format: “CN=%DEVICENAME%". Clicking the gear selection will display all of the variables that can be used. Be sure to include the “CN=” at the beginning of the entry.

Leave Alternative Subject empty.
Certificate Target defaults to Device.
Select the desired option for the remaining fields: Certificate Usage, Key Size, Remove old certificates upon successful renewal, and Key Protection.
Click Add, then Save to save the Template

Click Save to save the Certificate Authority.
Create a Profile in Soti MobiControl to assign this to your devices. There are multiple ways of achieving this in Soti MobiControl, as such, this document will not detail those methodologies.

PreviousMosyle NextDomain Controller Certificates

Last updated 3 days ago