Before you can do anything in Workspace ONE UEM powered by AirWatch, you must first log in to the console.

Before you can log in to the Workspace ONE UEM console, you must have the Environment URL and log in credentials. How you obtain this information depends on your type of deployment.

  • SaaS Deployment – Your Account Manager provides your Environment URL and user name/password. The URL is not customizable, and generally follows the format of
  • On-premises – The on-premises URL is customizable and follows the format awmdm.<YourCompany>.com.

Your Account Manager provides the initial setup credentials for your environment. Administrators who create more accounts to delegate management responsibility can also create and distribute credentials for their environment.

After your browser has successfully loaded the UEM console Environment URL, you can log in using the User Name and Password provided by your Workspace ONE UEM administrator.

  1. Enter your User Name.
    • The Workspace ONE UEM console saves the user name and the type of user (SAML or non-SAML) in the browser cache.
      • If SAML user, admin is directed to SAML login.
      • If non-SAML user, admin must enter a password.
    • If the Remember check box is enabled, then the User Name text box is pre-populated with the last logged-in user the next time you visit your Environment URL.
  2. Enter your Password.
    • If you are logging in for the first time, you are prompted for the login password. Enter it to proceed.
    • If you have logged in before and you are allowing your default browser to remember user names and passwords, then the Password text box auto-completes with the password saved in the browser cache.
  3. Select the Log In button.
    • Your default home screen (which is customizable) opens upon login. Learn how to customize your home screen by visiting Header Menu.

Session Timeouts and Logouts

There are two basic scenarios under which you can be logged out of the Workspace ONE UEM console.
  1. Explicit Logout (including closing the browser window and inactivity logouts.)
    • If you have configured your default browser to remember your user name and password, then upon the next login, the browser pre-populates the user name text box with the last user to log in successfully.
    • If you have configured your browser to forget user names and passwords, then the user name and type of user (SAML / non-SAML) are wiped from the browser cache.
  2. Session Invalidation (including load balancer issues and sessions timeouts due to admin setting.)
    • Non-SAML users log back in using a saved user name and selecting the Log In button.
    • SAML users can log back into the console without any clicks.

Login Lockouts

System Administrators and AirWatch Administrators can configure the Maximum invalid login attempts before admins are locked out of the console by navigating to Groups & Settings > All Settings > Admin > Console Security > Passwords.

You are locked out from the UEM console in two scenarios: 1) when you make failed login attempts greater than the maximum number of invalid login attempts and 2) when you answer your password recovery question incorrectly three times while trying to reset your password. The default amount of time admins are locked out of the console is 10 minutes.

When this happens, you must either reset your password using the troubleshooting link on the login page or you must get assistance from an admin to unlock your account using the Admin List View. You receive an email notification when your account is locked and again when it becomes unlocked. For more information, see Research Account Lockout Console Events.

Password Expiration

Basic administrators are notified by email 5 days before their password expires with another email notification the day before. On-premises administrators can change this default 5-day period by navigating to Groups & Settings > All Settings > Admin > Console Security > Passwords while in the Global organization group. Dedicated SaaS administrators must contact support to make changes to this setting.

You can make a custom password expiration notification for your admins by navigating to Groups & Settings > All Settings > Devices & Users > General > Message Template and select 'Administrator' as the Category and 'Admin Password Expiry Notification' as the Type.

For information about Enrollment User Password Settings, which are managed separately from Admin Console Passwords, see the system settings page by navigating to Groups & Settings > All Settings > Devices & Users > General > Passwords.