# SOTI MobiControl SCEPman can be integrated with SOTI MobiControl as a Certificate Authority. By connecting both systems through SCEPman's Static SCEP interface, MobiControl-enrolled devices can obtain device certificates from SCEPman. For more general information about other MDM solutions and SCEPman integration please check [here](/certificate-management/static-certificates.md). ## Enable SOTI MobiControl Integration SOTI MobiControl integration of SCEPman can be easily enabled via the following environment variables on SCEPman app service: {% hint style="info" %} You can differentiate between the SCEPman App Service and the Certificate Master by looking for the App Service **without** the "-cm" in its name {% endhint %} | Setting | Description | Value | | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------------------------------------------: | | [AppConfig:StaticValidation:Enabled](/scepman-configuration/application-settings/scep-endpoints/static-validation.md#appconfig-staticvalidation-enabled) | Enable the 3rd-party validation | **true** to enable, **false** to disable | | [AppConfig:StaticValidation:RequestPassword](/scepman-configuration/application-settings/scep-endpoints/static-validation.md#appconfig-staticvalidation-requestpassword) |

Certificate signing requests sent to SCEPman for signing are authenticated with this secure static password

Recommendation: Store this secret in Azure KeyVault.

| *generate a 32 character password* | | [AppConfig:StaticValidation:ValidityPeriodDays](/scepman-configuration/application-settings/scep-endpoints/static-validation.md#appconfig-staticvalidation-validityperioddays) (optional) | How many days shall certificates issued via SOTI MobiControl be valid | 365 | | [AppConfig:StaticValidation:EnableCertificateStorage](/scepman-configuration/application-settings/scep-endpoints/staticaad-validation.md#appconfig-staticaadvalidation-enablecertificatestorage) (optional) | Store requested certificates in the Storage Account, in order to show them in SCEPman Certificate Master | ***true*** to enable, ***false** to disable* | ## SOTI MobiControl Configuration ### Deploy SCEPman RootCA First, you need to deploy SCEPman RootCA to all endpoints as a trusted root ca, you can download the certificate from SCEPman homepage:
### Add Certificate Authority 1. In Soti MobiControl, navigate to System Settings > Global Settings > Services > Certificate Authority.

Soti MobiControl Certificate Authority Page

2. Click the Add button to create a new Certificate Authority.

Soti MobiControl Certificate Authority Details

* Enter a **name** for this Certificate Authority. * Select `Generic SCEP` for **Certificate Type**. * Select `SCEP` for **Configuration Type**. * For the **Service URL**, Copy and Paste the Static MDM URL from your SCEPman Portal. * Enable **Use Static Challenge**. * Enter the **Static Challenge** that was created during Step 2. above. * Enable **Use SCEP Client**. * For the **Thumbprint** Copy and Paste the CA Thumbprint from your SCEPman Portal. * Set the **Retries** and **Retry Delay** as desired (or leave at Default). ### Add Certificate Template 3. Click the Add button to add a **Certificate Template**.

Soti MobiControl Certificate Template Detail

* Enter a **name** for this MobiControl Template. * Enter a **Subject Name**. {% hint style="info" %} The format for the **Subject Name** field can only be the following format: “CN=%DEVICENAME%". Clicking the gear selection will display all of the variables that can be used. Be sure to include the “CN=” at the beginning of the entry. {% endhint %} * Leave **Alternative Subject** empty. * **Certificate Target** defaults to `Device`. * Select the desired option for the remaining fields: **Certificate Usage**, **Key Size**, **Remove old certificates upon successful renewal**, and **Key Protection**. * Click Add, then Save to save the Template 4. Click **Save** to save the Certificate Authority. 5. **Create a Profile** in Soti MobiControl to assign this to your devices. There are multiple ways of achieving this in Soti MobiControl, as such, this document will not detail those methodologies. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.scepman.com/certificate-management/static-certificates/soti-mobicontrol.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.