Configure the SOTI MobiControl Connector in the Lookout MES Console
Once you have created an enrollment device group and custom attributes for syncing device state between Lookout and SOTI MobiControl, you can create your SOTI MobiControl connector in the Lookout MES Console. If you have multiple tenants, you must repeat the following steps to connect to each of them:
- Log into Lookout MES console.
- Click Integrations.
- Click the tile SOTI MobiControl under "Choose a product to set up".The SOTI MobiControl connector page opens.
- Under Connector Settings, fill out the following:
Name Description Label for this MDM connection (Optional) A user-friendly name for the connector.
If you have multiple connectors configured, this label displays in the MDM column of the Lookout MES Console Devices list so that you can determine which connector and instance a device belongs to.
SOTI MobiControl URL (required) (Required) Your SOTI MobiControl cloud or on-premise URL. Username (Required) Username for the SOTI MobiControl API user. Password (Required) Password for the SOTI MobiControl API user. Client ID (Required) On the MobiControl WebConsole:
- Click Hamburger menu > Global Settings > Services.
The Client ID will be here for future reference.
Client Secret (Required) On the MobiControl WebConsole:
- Click Hamburger menu > Global Settings > Services.
- Click the plus button and a dialog will appear.
- Enter an API Client name and click GENERATE.
Note: IMPORTANT: The Client Secret shown here will NOT appear again so be sure to copy the Client Secret somewhere safely.
- Click Create Integration.If creation is successful, a banner notification appears and additional sections become enabled.
If you get a certificate error, click Certificate Details. Otherwise continue with Step 6.
- Look for errors on the certificate details screen.Typical errors include expired or broken certificates as shown here:
Error How to Fix the Error Expired certificate The certificate expiration date is in the past. Replace the MDM certificate with a new certificate. Broken certificate. One or more intermediate certificates do not validate correctly. Replace the MDM certificate with a valid certificate. - Retry entering all required information into the Integration connector.
- Look for errors on the certificate details screen.
- Scroll down to Enrollment Management and enter the following:
Field Value Automatically drive Lookout for Work enrollment on SOTI managed devices ON Select the group which contains devices that should be enrolled in Lookout for Work: Select your enrollment Group as set in Create a Device Group and Custom Attributes. How often should Lookout check for new devices? Lookout recommends using the default 5 minute interval. Automatically send activation emails to SOTI managed devices OFF. For an MDM integration, drive enrollment through your MDM, not via Lookout MES Console invitation emails. Delete device on unenrollment ON - Scroll down to State Sync and choose the custom attributes you created in Create a Device Group and Custom Attributes. (If you choose not to synchronize a specific state to SOTI MobiControl, leave the corresponding toggle off):
Field Value Synchronize device status to SOTI MobiControl ON Devices with Lookout activated ON - Lookout_Device_Activation_State Devices that are unreachable by Lookout ON - Lookout_Device_Unreachable Devices that have lost connectivity with Lookout ON - Lookout_Device_Disconnected Devices with any issues present ON - Lookout_Issue_State_Level - If you have purchased the feature to add specific Risk Classifications to synchronize with your MDM you can add them using this procedure.Otherwise continue on to step 9.
If you purchased the feature to add Risk Classifications to synchronize with your MDM, a Risk Classification section is visible in the Lookout connector.
- In your MDM, follow the steps in Create a Device Group and Custom Attributes for Device State Sync to define an additional unique custom attribute for each risk classification you want to synchronize with your MDM.Here are some examples:
Example Risk Classification Example Custom Attribute Example Description Phishing and Content Protection Disabled Lookout MES - PCP Disabled Devices with PCP disabled VPN Permission Not Accepted Lookout MES - VPN Prohibited Devices with VPN Permission not accepted - In the Lookout connector Risk Classification section (visible only if you purchased this feature), follow these substeps:
- Click Add Risk Classification.
- Set to Enable.
- Choose the desired risk classification from the dropdown to synchronize with your MDM.
Note:
NOTE: Risk classification synchronization occurs only if a state sync event occurs.
- Choose the custom attribute for the selected risk classification from the dropdown to synchronize with your MDM.
Note:
NOTE: If you choose not to synchronize a specific state to your MDM, leave the corresponding toggle off.
- Repeat steps i - iv for each additional risk classification you want to synchronize with your MDM.
Note:
NOTE: Each risk classification you add here must have a corresponding unique custom attribute defined in your MDM.
- In your MDM, follow the steps in Create a Device Group and Custom Attributes for Device State Sync to define an additional unique custom attribute for each risk classification you want to synchronize with your MDM.
- Scroll down to Error Management and enter an email address for error reporting.
- (Optional) Scroll down to Group Management and enter a Lookout MES Console Device Group for new devices from this connector.
By default, new devices are added to the Default Group in the Lookout MES Console. For more information about Device Groups, see the Lookout MES Console Administrator's Guide.
- Scroll up and click Save Changes in the top right corner.You can review connector settings from the Integrations module at any time.
