Soti surf with LDAP

Soti surf with LDAP

we are trying to configure Soti Surf with Ldap authentication . when we are trying to login it is giving error . 

login failed verify your credential try again .

1. LDAP configuration in global setting done

2. soti surf installed on seprate server other the mdm app server

 

  • 09 January 2019
  • SOTI MobiControl
  • 8 Answers
  • 0 Upvote
  • 1 Follower
  • 1.2K Views
    • 8 Answers
    • 0 Upvote
    • 1 Follower

8 Answers

Order By:   Standard | Newest | Votes
Raymond, Chan | posted this 09 January 2019

Have you verified basic functionalities of LDAP authentication in simpler case such as device enrollment (you have to modify the authentication option of an existing add-devices rule)?

 

Does your ERG (item (2) in your post) has access (port 443) to your MobiControl server instance?

  • 0
  • 0
Support Staff | posted this 09 January 2019

Hello Anil, 

 

Thank you for requesting an answer from SOTI Support Staff.

 

Raymond has brought up a good way of doing a "base test" to confirm that your setup of LDAP is working as expected.

 

Here is a screenshot and link to the help file assistance when configuring SOTI SURF.

 

As much as I would like to assume the ERG was installed I do not see any mention of this, by name, in your post.  Please note the highlighted section in the following image.   I have included a link for quick reference afterwards.

 

https://www.soti.net/mc/help/v14.1/en/console/configurations/profiles/configurations/categories/sotiapps/surf.html

 

 

Hope this helps!

 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0
Anil | posted this 14 January 2019

Thanks Raymond ,

 

now we are able to loin threw LDAP. in global security setting LDAP was not enabled .

this Soti surf will pass all traffic from device to internal servers ?? including soti surf browser and other device application traffic?? 

  • 0
  • 0
Raymond, Chan | posted this 14 January 2019

Soti Surf will only route its own traffic destined for intranet sites (based on domains configured in "Intranet Gateway" option in Soti Surf profile payload)  through the ERG  , and its remaining traffic for whitelisted/non-blacklisted internet sites goes directly between the device and the corresponding sites.   However, you can keep a log of all internet and intranet sites visited, and have it transferred to the server for possible audit with a file-sync rule.

 

Traffic of other applications are not affected by ERG.  If your device/platform supports global or per-app  firewall policy profile payload, you can use such policy to restrict such traffic for all or specific apps.

 

  • 0
  • 0
Anil | posted this 16 January 2019

in my case application is not accessible on the device network . we have given access to the application on the Surf server . so it will be accessible on the device ???

  • 0
  • 0
Raymond, Chan | posted this 16 January 2019

Is your application on the device a web app running on any web browser app on your device? Or is it a non-web app installed from an apk or from Google Play store?

 

  • 0
  • 0
Anil | posted this 16 January 2019

As of now we are testing on web application only . but in future  we want it for device application also which is in house developed .

  • 0
  • 0
Raymond, Chan | posted this 16 January 2019

So, as of now, you can run your web app on Soti-Surf browser app on the device.   Assuming that your application server is in your corporate intranet, your device is outside the intranet, and an ERG has been installed in a DMZ in between.  If you deploy a "Soti Surf" profile payload with intranet gateway enabled and your app-server domain included, then your web app running on Soti-Surf app on the device can communicate with your app server via an encrypted connection.  You can of course enable LDAP authentication and timeout options in your "Soti Surf" profile payload. 

 

If in the future your app is re-implemented in-house as a standalone apk, you will then not be able to use the above approach.  You have to check if your device/platform has VPN or firewall policy supported to  create secured and authenticated connection to your app server.

 

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback