Overview

Issuing a device to every employee in certain organizations can be expensive. Workspace ONE ™ UEM lets you share a mobile device among end users in two ways: using a single fixed configuration for all end users, or using a unique configuration setting for individual end users.

Shared Device/Multi-User Device functionality ensures that security and authentication are in place for every unique end user. And if applicable, shared devices allow only specific end users to access sensitive information.

When administering shared devices, you must first provision the devices with applicable settings and restrictions before deploying them to end users. Once deployed, Workspace ONE UEM uses a simple login or log-out process for shared devices in which end users simply enter their directory services or dedicated credentials to log in. The end-user role determines their level of access to corporate resources such as content, features, and applications. This role ensures the automatic configuration of features and resources that are available after the user logs in.

The login or log-out functions are self-contained within the AirWatch Agent. Self-containment ensures that the enrollment status is never affected, and that the device is managed whether it is in use or not.

Shared Devices Capabilities

There are basic capabilities surrounding the functionality and security of devices that are shared across multiple users. These capabilities offer compelling reasons to consider shared devices as a cost-effective solution to making the most of enterprise mobility.

  • Functionality
    • Personalize each end-user experience without losing corporate settings.
    • Logging in a device configures it with corporate access and specific settings, applications, and content based on the end-user role and organization group (OG).
    • Allow for a log in/log out process that is self-contained in the AirWatch Agent.
    • After the end user logs out of the device, the configuration settings of that session are wiped. The device is then ready for login by another end user.
  • Security
    • Provision devices with the shared device settings before providing devices to end users.
    • Log in and log out devices without affecting an enrollment in Workspace ONE UEM.
    • Authenticate end users during a login with directory services or dedicated Workspace ONE UEM credentials.
    • Manage devices even when a device is not logged in.

Platforms that Support Shared Devices

The following devices support shared device/multi-user device functionality.

  • Android 4.3+,
  • iOS devices with AirWatch Agent v4.2+,
  • MacOS devices with AirWatch Agent v2.1+.

Give Shared Devices Their Own OG

If you want your shared devices to contain profile and policy settings not found on single user devices, you can give shared devices their own OG. Giving shared devices their own organization group makes the distribution of specialized content easy. For more information, see Define the Shared Device Hierarchy.

Shared Device Configuration

Before multiple people can use a device, it must first be "staged" by an administrator, or configured to be a multi-user device. For more information, see Configure Shared Devices.

Logging in and Logging Out

When you log in to and out of a shared device, it gets treated differently by Workspace ONE UEM than single user devices. When a user logs in, Workspace ONE UEM immediately pushes the profile, apps, and policy specific to that user role and organization group. When the user logs out, all configuration settings for the prior session are wiped and the device is ready for login by another user. For more information, see the following topics.