Create basic user accounts for your end users if you are not integrating a directory service with Workspace ONE UEM. You can create basic accounts quickly and dispose of them easily, making them useful for testing purposes.

Pros

  • Can be used for any deployment method.
  • Requires no technical integration.
  • Requires no enterprise infrastructure.
  • Can enroll into potentially multiple organization groups.

Cons

  • Credentials only exist in Workspace ONE UEM and do not necessarily match existing corporate credentials.
  • Offers no federated security.
  • Single sign on not supported.
  • Workspace ONE UEM stores all user names and passwords.
  • Cannot be used for Workspace ONE Direct Enrollment.

Create Basic User Accounts

You can create basic user accounts for each user to authenticate and log in to the Workspace ONE UEM system. You can then send basic users a notification with instructions on activating their account including a password reset link that expires in 24 hours.

This topic details creating user accounts one at a time. To create user accounts in bulk, see Batch Import Users and Devices.

  1. Navigate to Accounts > Users > List View, select Add then Add User. The Add / Edit User page displays.
  2. In the General tab, complete the following settings to add a basic user.
    Setting Description
    Security Type Select Basic to add a basic user.
    Username Enter a username which is used by the device end user to log in.
    Password Enter a password that the user can use to log in.
    Confirm Password Confirm the password.
    Full Name Complete the First Name, Middle Name, and Last Name of the user.
    Display Name Represent the user in the UEM console by entering a name.
    Email Address Enter or edit the user's email address.
    Email user name Enter or edit the user's email user name.
    Domain Select the email domain from the drop-down setting.
    Phone Number Enter the user's phone number including plus sign, country code, and area code. This option is required if you intend to use SMS to send notifications.
    Enrollment
    Enrollment Organization Group Select the organization group into which the user enrolls.
    Allow the user to enroll into additional Organization Groups

    You can allow the user to enroll into more than one organization group.

    If you Enable this option but leave Additional Organization Groups blank, then any child OG created under the Enrollment Organization Group can be used as a point of enrollment.

    Additional Organization Groups

    This setting only appears when the option to allow the user to enroll into additional OGs is Enabled.

    This setting allows you to add additional organization groups from which your basic user can enroll.

    User Role Select the role for the user you are adding from this drop-down setting.
    Notification
    Message Type Select the type of message you want to send to the user, Email, SMS, or None. Selecting SMS requires a valid entry in the Phone Number option.
    Message Template

    The basic user activates their account with this notification. For security reasons, this notification does not include the user's password. Instead, the notification includes a password reset link. This password reset link expires in 24 hours automatically.

    Select the template for email or SMS messages by selecting one from this drop-down setting. Optionally, select Message Preview to preview the template and select the Configure Message Template to create a template.

  3. You can optionally select the Advanced tab and complete the following settings.
    Setting Description
    Advanced Info Section
    Email Password Enter the email password of the user you are adding.
    Confirm Email Password Confirm the email password of the user you are adding.
    User Principal Name Enter the principal name of the basic user. This setting is optional.
    Category Select the User Category for the user being added.
    Department Enter the user's department for administrative purposes.
    Employee ID Enter the user's employee ID for administrative purposes.
    Cost Center Enter the user's cost center for administrative purposes.
    Certificates Section
    Use S/MIME

    Enable or Deactivate Secure Multipurpose Internet Mail Extensions (S/MIME).

    If enabled, you must have an S/MIME-enabled profile and you must upload an S/MIME certificate by selecting Upload.

    Separate Encryption Certificate

    Enable or Deactivate encryption certificate.

    If enabled, you must upload an encryption certificate using Upload. Generally, the same S/MIME certificate is used for signing and encryption, unless a different certificate is expressly being used.

    Old Encryption Certificate

    Enable or deactivate a legacy version encryption certificate.

    If enabled, you must Upload an encryption certificate.

    Staging Section
    Enable Device Staging

    Enable or deactivate the staging of devices.

    If enabled, you must select between Single User Devices and Multi User Devices. If Single User Devices, you must select between Standard, where users themselves log in and Advanced, where a device is enrolled on behalf of another user.

    See Device Staging for more information.

  4. Select Save to save only the new user or select Save and Add Device to save the new user and proceed to the Add Device page.