NOTE: Applies to Android devices only.
Mobile Access Management supports MDM integration with SOTI MobiControl.
Android Requirements
- The Imprivata Locker Android app must be granted Lock Task permissions in the MDM. In SOTI, this is lockdown mode.
- The Locker app must be added to the allowlist in your MDM.
Locker App Registration
The integration of Mobile Access Management with SOTI MobiControl requires that you configure the API Integration and Android Locker App.
- In the MAM console, navigate to Admin > MDMs. Click + Add, and select SOTI MobiControl.
- Switch the API Integration setting to ON. Click Configure. In the configuration dialog, add API settings that you obtained from the SOTI MobiControl console.
Set Up SOTI MobiControl
Configure the enterprise bindings, if you have not already done so. This is a one-time configuration task.
To configure enterprise bindings:
- In the SOTI console, navigate to Global Settings > Enterprise Bindings.
- In the Managed Enterprise section, click + and then Continue to add the Google Enterprise account to the enterprise bindings.
To add a device group for the
GroundControl Android devices:
- In the SOTI console, navigate to Devices and click New Group.
- Select New Root Group.
- In the Create Group dialog, type a group name. Click Create.
- In the SOTI console, navigate to Policies > Apps and click New App Policy.
- In the Create App Policy dialog, select Android > Android Enterprise.
- On the General tab, type a name in the App Policy Name box.
- On the Apps tab, click + to add apps to the policy.
- On the Select Apps page, in the Apps section, select the Google Managed Enterprise account you added.
- Click Managed Google Play.
- Add the Imprivata Locker app from the Managed Google Play Store.
- Add any other apps, as needed.
- In the SOTI console, set the Manufacturer Serial Number device property to Searchable.
- In the SOTI console, click the gear icon for the Imprivata Locker app.
- Click the Enable Managed App Config toggle.
- Enter AppConfig values from the GroundControl admin console:
- Add three new keys for the AppConfig and paste the values you copied from the GroundControl MDM tab:
- Mobile Access Management MDM ID
- Mobile Access Management Server
- Device Identifier
Configure SOTI Lockdown Mode
SOTI‘s Lockdown mode replaces the standard device home screen with a customizable launcher interface that provides the user access to authorized apps and device features only. SOTI‘s Lockdown mode enables the ability to install the Imprivata Locker app in lock mode so the user cannot skip it.
SOTI Lockdown Mode and Imprivata Locker
When you configure SOTI Lockdown mode with the Imprivata Locker app, GroundControl will use the lock task from SOTI lockdown and will lock the device.
IMPORTANT: If an app is not explicitly included in the SOTI Lockdown mode, there will be restrictions when trying to access or invoke that app while the lockdown is in place.
To configure SOTI Lockdown mode:
- Set up SOTI using the tasks above.
- In the SOTI console, navigate to Configurations > Profiles. You can either create a new profile, or edit an existing profile for Lockdown mode.
- On the Configurations page of the profile, click + to add a configuration to the profile.
- In the Restrictions section, click Lockdown.
- On the Device Control tab, in the Custom Home Screen section, in Add Home Screen Items, click +.
- Add the Imprivata Locker app.
- Add any other apps and adjust the display order of the home screen items, if needed. The user will only get access to the selected apps.
- In the Lockdown Type section, select Native.
- Enable Home Button.
- Enable Keyguard.
- Enable Power Menu.
- In the Security section, click Authentication.
- In the Device Administrator section, in the Password box, type a password for the administrator. This allows the administrator the ability to exit from SOTI Lockdown.
- Click Save.
- Apply the profile to the device group.
Enroll Devices
Create an enrollment policy for the devices.
- In the SOTI console, navigate to Policies > Enrollment > All Policies.
- Click + New Enrollment Policy and select Android Enterprise.
- On the General page, enter the following information:
- Type a name for the policy.
- Optionally, type a meaningful description.
- In the Enterprise Bindings section, select Managed as the Google Account Type.
- Select the Managed Enterprise Account created in the previous task.
- On the Device Type page, select the management type for this Enrollment policy.
- Select Work Managed.
- On the Groups page, in the Device Group section, select the device group destination for the devices.
- On the Settings page, click Finish.
- Take note of the Enrollment ID for later use when enrolling a device.
SOTI device enrollment begins with a factory reset of the device.
To enroll a device:
- Wipe the device by using the full factory reset.
- Turn on the newly reset device.
- On the Welcome screen, select your language.
- Connect to the Wi-Fi, and then choose NEXT.
- Accept the Google Terms and conditions, and then choose NEXT.
- On the Google sign-in screen, enter afw#mobilecontrol instead of a Gmail account, and then choose NEXT
- Choose INSTALL for the MobiControl client app.
- Enter the Enrollment ID you saved in step 7 of the Create an Enrollment Policy task.
- Complete the enrollment.