Overview
Oloid can seamlessly authenticate users on Zebra Android devices via Oloid Credentials and then automatically log them into the SOTI Launcher. To accomplish this, Oloid needs specific SOTI API credentials and configuration details. Below is a checklist of all prerequisites and information that is needed for Oloid to set up the integration successfully.
1. SOTI MobiControl API Credentials
Oloid relies on SOTI’s OAuth-based API to programmatically log a user into the SOTI Launcher. Therefore, we require:
API Client ID
API Client Secret
These credentials allow Oloid’s lock screen application to communicate securely with SOTI MobiControl. Please make sure you obtain these from your SOTI environment (cloud or on-prem). Each SOTI environment will have a unique Client ID and Secret.
How to Obtain an API Client ID & Secret
On-Premises SOTI MobiControl:
You can generate these credentials by running theMCAdmin.exe APIClientAddcommand on the SOTI MobiControl server, which returns the new Client ID and Client Secret. For more details, refer to SOTI’sDocumentation on Generating API Credentials (or the Admin Utility documentation).Cloud-Hosted SOTI MobiControl:
If your SOTI instance is cloud-hosted, you typically need to reach out to SOTI Support to request these credentials. Let them know you require an API Client for “Resource Owner Password Credentials” token generation.
SOTI Help Article on this topic: https://www.soti.net/mc/help/v14.0/en/console/data/sotisurf/surf_find_clientID.html
Important: Please treat these credentials like sensitive passwords. Share them securely with your Oloid representative, and do not post them in any unsecured channels.
2. SOTI-Configured User Accounts
For Oloid to log in a user, SOTI MobiControl must be able to authenticate that user. Oloid will send a username and password (or equivalent token) on behalf of that user to SOTI. Hence, you must ensure:
Valid User Accounts: The users you wish to authenticate exist in the directory or identity provider (e.g., Active Directory, SOTI Identity) that SOTI MobiControl uses.
User Permissions: Each user has permission to log into shared devices in SOTI (if you are using the Shared Device mode). Ensure your SOTI device group’s Shared Device policy includes or allows these user accounts.
Depending on your environment, Oloid may only need one standard user or multiple user accounts. Please confirmwhich user accounts or AD groups you intend to use so that Oloid can map NFC badges (or other credentials) to the correct SOTI user names.
For more details, see SOTI’s Documentation on Sharing Devices and Logging into Shared Devices.
3. SOTI MobiControl Server/URL Details
Oloid needs to know where to send authentication requests:
Server URL / API Endpoint: Usually in the format
https://<YourSOTIServerURL>/MobiControl/api
Confirm the correct domain name for your deployment. (Cloud deployments sometimes have a tenant-specific subdomain, e.g.,https://tenantname.sotimc.com.)Connectivity: Ensure devices can reach the SOTI server endpoint (whether internally or over the internet). If the devices are on a private network, verify that the domain or IP is reachable from the Zebra Android device.
Check your MobiControl console or contact your SOTI admin to find the publicly reachable API endpoint. For reference, see SOTI MobiControl API - Overview.
4. Confirmation of Shared Device Mode (If Applicable)
If you want to leverage SOTI Launcher with user-based profiles, please confirm:
Shared Device is enabled on your SOTI device group.
The user(s) you plan to authenticate are allowed to log in to these devices under SOTI’s Shared Device settings.
If you are not using Shared Device mode, Oloid still needs the API Client ID/Secret to authenticate a user session in SOTI. But in most customer scenarios, Shared Device is the recommended approach for applying per-user profiles. For details, see Sharing Devices in SOTI Documentation.
5. Required Permissions / Roles
In most configurations, you do not need a special role or elevated privileges for the user accounts. However, the API Client must be allowed to:
Perform “Resource Owner Password Credentials” grant to obtain tokens on behalf of users.
Connect to the SOTI MobiControl server’s
/api/tokenendpoint.
This permission is typically granted automatically when the API client is created. If your environment has custom permissions, you may need to ensure the new API client can do token generation. You can confirm with your SOTI administrator or refer to SOTI’s MobiControl API Documentation.
6. Summary Checklist
Use this quick reference to ensure you have everything ready:
API Client ID & Secret
Typically from either the MCAdmin tool (on-prem) or SOTI support (cloud).
SOTI MobiControl Server URL / API Endpoint
Confirm the exact URL, e.g.,
https://<company>.sotimc.com/MobiControl/api.
List of User Accounts / AD Groups
The user(s) who will log in using Oloid; confirm they exist in SOTI’s user directory.
Shared Device Mode (If Applicable)
Confirm you have configured SOTI Shared Devices and that these user accounts can log in.
Confirmation of Permissions
Ensure the API client can create tokens.
Additional SOTI References
For more information on setting up SOTI MobiControl for API access, see these SOTI resources:
SOTI MobiControl API - Official Documentation
Obtaining an API Client ID & Secret (On-Premises)
Refer to the MCAdmin.exe utility commands in SOTI documentation to create a new API client.SOTI Support
For guidance on any issues with generating or managing your API credentials.
Questions or Assistance
If you have questions about these requirements or run into issues obtaining the credentials, please reach out to your Oloid representative or consult SOTI Support. Once we receive the needed credentials and configuration info, Oloid will proceed with the integration to ensure a seamless Oloid Credential-based login experience into the SOTI Launcher.