Configuring UEM Integration in Mobile Security Administrator Portal

This section describes the configuration steps in Harmony Mobile Administrator Portal to enable the integration with SOTI MobiControl UEM Unified Endpoint Management. An architecture and approach that controls different types of devices such as computers, smartphones and IoT devices from a centralized command point..

Prerequisites

You must have these details from your SOTI MobiControl UEM deployment:

• Server Address - URL of your SOTI MobiControl Web Console.

• Username and Password - Username and Password in the SOTI MobiControl Web Console. See Creating Users.

• Client ID and Client Secret - Client ID and Client Secret generated in the SOTI MobiControl Web Console. See Creating Client ID and Client Secret.

• Security Group(s) - Device groups created in SOTI MobiControl UEM to which the devices are registered. See Creating a New Device Group.

Configuring UEM Integration Settings

1. Log in to Check Point Portal and access the Mobile Security Administrator Portal.

2. Go to Settings > Integrations.

3. To create a new integration, click +Add > UEMs.

4. From the UEMs list, select SOTI and click Next.

   

   The SOTI integration wizard appears.

5. Configure these settings:

   1. Server Details

   2. Synchronization

   3. Tagging

   4. Deployment

Server Details

In the Server Details section, enter these:

1. Display Name - Name of your integration.

2. Server Address - URL to access the SOTI MobiControl Web Console.

   Note - Enter only the server address as provided, for example, https://a000111.mobicontrol.cloud/). Do not add extra path elements such as https://a000111.mobicontrol.cloud/api.

3. (Optional) If the UEM server uses a self-signed certificate for external communication, select the Server uses self-signed certificate checkbox. Upload the certificate directly (use CER file format base64 [PEM] encoded) or paste the certificate text directly in the box.

   

4. Username - Username in the SOTI MobiControl Web Console.

5. Password - Password for the above username.

6. Client ID - Client ID generated in the SOTI MobiControl Web Console.

7. Client Secret - Client Secret generated in the SOTI MobiControl Web Console.

8. Click Verify and then Next.

Synchronization

Configure the device groups in SOTI MobiControl UEM that you want to synchronize with Mobile Security Administrator Portal. The system automatically populates the list of device groups from the SOTI MobiControl Admin Console.

1. From the Groups list, select the device group(s).

2. In the Android Enterprise Groups field, select the groups deployed as part of the SOTI MobiControl UEM Android Enterprise deployment.

3. In the Advanced section, select the relevant Import checkboxes to import Personally Identifiable Information (PII) and set the synchronization intervals.

   You can limit the import of the PII devices (users) to Mobile Security.

   Note - If you do not select any checkbox to import PII, the placeholder information set for the email address is placed in the device owner's email in this format: UEMDevice UDID@vendor.UEM.

   This table describes the different interval configuration settings and their values:

   Setting	Description	Values
   Device sync interval	Interval to connect with UEM to synchronize the devices.	10-1440 minutes, in 10 minute intervals.
   Device deletion threshold	Percentage of devices allowed for deletion after UEM device sync (in %).	0-100% Note - Use 100% for no threshold. 100% value is recommended for: Evaluation/test usage - When you are adding a small amount of devices. Planned bulk deletion of devices from the UEM (see sk184319). After the devices are deleted from the Mobile Security Admin Portal, set it back to a safer value (such as 5–10%) to prevent accidental mass deletions in the future.
   Device deletion after	Delay device deletion after several sync attempts. The device is deleted after this number of sync attempts that confirmed deletion.	1-100 sync attempts.
   App sync interval	Interval to connect with UEM to sync the applications.	10-1440 minutes, in 10 minute intervals.

4. Click Verify and then Next.

Tagging

In the Tagging section:

1. Select the device characteristics that you want to communicate to the UEM:

   • Tag device status - Device status in Mobile Security Administrator Portal

   • Tag device risk - Device risk level in Mobile Security Administrator Portal

2. Click Verify and then Next.

Deployment

In the Deployment section, the system generates a unique token which is the hashed unique identifier of your dashboard. It tells the device to which dashboard it needs to register during the UEM configuration.

1. Click the icon to copy the token. Use the token value when you perform the application configuration in the UEM.

2. In the Advanced section, keep the default settings.

3. Click Finish.

When the integration is complete, the SOTI UEM pane appears in the Integrations page.

Managing the UEM Settings

1. To view information about the integrated UEM, hover over the UEM pane and click the i icon.

   

   It shows:

   • Server Status - Latest UEM server configuration status.

   • Device sync status - Synchronized groups and the device sync status time stamp.

   • App sync status - Last time applications were fetched from the UEM (Applicable for iOS deployment only).

   • Tagging status - Device tag details sent to the UEM.

   • Deployment status - Deployment configuration and deployment status.

     

2. To manage the UEM settings, hover over the UEM pane and click theicon.

   

   1. To edit the UEM settings, click Edit.

   2. To force an immediate device sync without waiting for the next auto sync cycle, click Sync Now.

   3. To temporarily stop or resume the device sync process, click Pause or Resume.

   4. To remove the integration settings, click Remove.