Before VMware Workspace ONE UEM version 9.3, Workspace ONE UEM Staging for macOS required a macOS to be domain joined to a directory service (Multi-Staging or Single-Staging). After the staging enrollment, an end user logs into the macOS with Domain credentials. The device then gets checked out to the corresponding directory user within the UEM console.
From VMware Workspace ONE UEM version 9.3, macOS admins are moving towards a deployment model without a domain join. VMware Workspace ONE UEM now supports this deployment model by providing a new single staging enrollment flow for a local user with the pre-registration in the UEM console. Because Workspace ONE UEM MDM can only manage one local user, the new enrollment flow to map the staging user APNs token to the directory user that is pre-registered to the device is created.
Use Cases for Single-Staging with Pre-Registration
- Admin needs the device before the end user, but does not want to domain join and use the existing local account.
- Admin does not want to domain join, but uses Enterprise Connect or NoMAD to keep the password synced.
- Admin wants the device for setup, then integrate the API to an internal device checkout system.
- Admin creates their own custom GUI authentication dialog box which calls a Workspace ONE UEM API to switch the device to the end user.