As an admin, configure Workspace ONE Boxer to support multiple managed accounts. You can add up to three managed accounts using the Workspace ONE UEM console.


Upload Workspace ONE Boxer version 5.21 or later as a public application using Workspace ONE UEM console version 2008 or later.


  1. Navigate to Apps & Books > Applications > Native > List View > Public.
  2. Select the Assign link under the Install Status column for the Boxer application. Alternatively, you can also select the edit icon and then select Save & Assign.
  3. On the Assignment screen, select Add Assignment and enter the required information.
    1. In the Distribution tab, enter the following information:
      Setting Description
      Name Enter the assignment name.
      Description Enter the description for the assignment.

      Assignment Groups

      Enter the smart group name to which you want to assign the application.

      As you enter the smart group name, options are displayed and you can select the appropriate smart group from the list.

      If necessary, you can add more assignment groups.

      App Delivery Method
      • On Demand – Deploys application to the deployment agent. The device user can decide if and when to install the application.
      • Auto – Deploys applications to a deployment Hub on a device upon enrollment. After the device enrolls, the system prompts users to install the Boxer application on their devices.
    2. In the Restrictions tab, enter the following information:
      Settings Description
      EMM Managed Access Enable this option to manage access. Only devices enrolled in EMM are allowed to install the app and receive policies below.
    3. In the Tunnel tab, enter the following information:
      Settings Description
      Android or iOS Legacy Select a VPN profile that you want to use for the application. Users access the application using a VPN, which helps ensure that application access and use is trusted and secure.
    4. In the Application Configuration tab, enter the following information:
      Settings Description
      ADD You can also manually add the configuration keys, value types, and the look up value.
      Note: These KVPs are app level settings applies across the application. If you want to apply any configuration to a specific email account, then you must add keys to Custom Account Configuration in Emails Settings to avoid any disruption.
    5. To add more configurations to your application, select Add .
      Note: Ensure that this KVP applies across the entire app. Any configurations that apply only to a specific email account must be moved to Custom Account Configuration in Emails Settings to avoid any disruption.
    6. In the Exchange Settings, tap + Add, to add additional accounts. If you do not have the + Add option, make sure you are on the Workspace ONE UEM console 2008 or newer versions.
      Boxer supports custom attributes in an enrolled user’s advanced tab. It maps these custom attributes for their secondary account. You must configure in Active Directory to avoid manually inserting inputs by users.
      Enter the following information per account level:
      Settings Description
      Account Name Enter the Exchange account name.
      Exchange ActiveSync Host Enter your EAS server URL. For SEG deployments, enter the SEG URL.
      EWS URL Enter the address of the EWS or SEG endpoint.
      Email Management If you want to associate a Mobile Email Management with this Boxer configuration, enter at least one MEM configuration.
      Domain, User, and Email Address Enter the domain name, user name, and email address. By default, the login information includes {EmailDomain}, {EmailUserName} and {EmailAddress} that are defined as lookup values in your directory service. To override these values, use custom lookup values.
      Password Enter the password.
      Note: Password field only supports lookup values, not the actual password value.
      Email Signature Enter the email signature.

      Select one of the following authentication types for end users to authenticate with Exchange using the Workspace ONE credentials:

      • Basic – Authenticates using a user name and a password.
      • Certificate – Authenticates using a certificate.
        • Select the desired Certificate Authority and Certificate Template.
      • Both – Authenticates using a certificate with a network appliance and a password to authenticate with Exchange.
      • Modern Authentication - OAuth based token authentication method for Office 365. To set up, see the Modern Authentication section.
      • Certificate-Based Authentication with Modern Authentication (CBA with Modern Authentication) - Workspace ONE Boxer supports certificate-based authentication with Modern Authentication. Boxer support SCEP. To view the supported certificates, see section Supported Certificate Authorities.

      Consider a scenario where you have set the certificate as an authentication type without enabling the SSO passcode, and the user delete and reinstall the Boxer application. At the time of reinstallation, user gets authenticate automatically as you have configured CBA as an authentication type. Such a scenario can create an attack vector for intruders who have a physical access to the device. Without an added authentication challenge, an intruder can gain access to email resources by deleting and reinstalling the Boxer application.

      To avoid such intruders, Boxer must authenticate users using the Workspace ONE credentials before allowing them to access emails. An alternative solution to requiring Workspace ONE credentials is to enable SSO workflows that restrict intruders to rest a standalone passcode.

      • Specifies number of authentication retries - specify the number of authentication retries upon failure.
      Sync Configure how to configure how to sync email and calendar.
      Notifications Enables or disables the Email Notification Service (ENS) and its behavior to provide a real-time notification.
      • ENS2 - enable or disable the ENS2 option.
      • Notification Content - Configure how information is disclosed in each notification alert.
      Spam & Phishing Reporting Enables or disables the actions to be taken on email identified as spam or phishing attack.
      Mobile Flows Enables or disables the Mobile Flows server information that Boxer can integrate with.
      Note: You cannot configure Mobile flows for multiple managed accounts in Boxer.
      S/MIME Enables or disables the S/MIME status.
      Email Classification Enables or disables the email classification option.
      • AIP Sensitivity Labels - If enabled, users can interact with AIP labels.
      • Email Classification - Enable or disable classification markings.
    7. To apply any account level configurations, add the key value pairs in Custom Account Configuration.
    8. In the App Policies, you must enable and configure Single Sign-On (SSO) to avail the MMA feature in Boxer. After you enable SSO, you cannot disable it.
    9. Enable or disable the following App policies:
      Settings Description
      App Passcode  
      • None – Does not require a passcode.
      • Numeric – Prompts the user with a numeric keyboard to set a passcode.
        • (iOS only) Biometric ID - Enable this option to use fingerprint to authenticate the application. The user is asked to enable Touch ID settings on device the first time when they are asked for their passcode and NOT when they create their passcode during the first-time setup.
        • Minimum Length - Set the minimum number of numeric characters a user's passcode must contain.
        • Timeout Minutes - Set the time in minutes until the application locks when idle.
        • Maximum Age - Set the maximum allowed days for the passcode, after which passcode expires and has to be reset. When the set number of days exceeds, the client asks the end user to create a passcode.
        • History - Determine the history of passcodes used to prevent the user from reusing passcodes.
        • Maximum Number of Failed Attempts - Determine the maximum number of failed passcode attempts before the email data in the app are erased.
      • Alphanumeric – Prompts the user with an alphanumeric keyboard to set a passcode. The list explains only those options that are different from the Numeric setting.
        • Minimum Number of Complex Characters - Set the minimum number of character sets required for the passcode.
          • Character sets include uppercase letters, lowercase letters, numbers, and symbols.

          • For example, if you select 2, then a passcode must contain at least two of the character sets preceding. It can be a number and symbol: 3!$#!$; uppercase and lowercase: RtGfH; lowercase and symbol: p!$@! and so on.
      Data Loss Prevention  
      Copy Paste

      If restricted:

      • End users cannot copy and paste content from Workspace ONE Boxer to other applications.
      • If personal accounts are enabled, end users can copy and paste between personal and work accounts. Therefore, consider disabling personal accounts to restrict the copy and paste functionality completely.
      • Share and Define options are made unavailable in the application when selecting text.
      Screenshots (Android only) Prevent users from taking screenshots from the app.
      Local Calendars Set to true to enable local calendars in Workspace ONE Boxer.
      Personal Contacts If the option is restricted, end users can access contacts only from the email accounts in the app. If unrestricted, end users can access contacts from other apps on the device.
      Allow calendar and email widget Control whether users can add a Boxer calendar or email widget to their home screen.
      Sharing These settings determine whether users can open emails or their attachments in other application. Based on your requirements, you can specify the allowed application using the Allowlist option or allow sharing in any application.
      Control Open In Enables or disables attaching of files from other apps using open-in or share into Workspace ONE Boxer.
      Control Attachments from external providers Enables or disables attachments from external providers.
      Watermark Text, Opacity, color Defines the watermark text.

      Internal Domains List

      Defines the domain that is internal and permitted
      External Recipient Warning Notifies the user while sending a message to an external user.
      Attachment Download Enables or disables users to download attachments.
      Personal Accounts

      If restricted, end users can no longer add any additional accounts to the application.  

      If end users already have Workspace ONE Boxer on their device with personal accounts configured, then they are prompted whether they want to remove their existing personal accounts now or later. End users do not receive work email through Workspace ONE Boxer until they remove all personal accounts.

      Hyperlinks When restricted, all hyperlinks opens in Workspace ONE Web.
      Caller ID

      Enable to provide Caller ID functionality for all Workspace ONE Boxer contacts.

      By enabling this feature, Workspace ONE Boxer exports names and phone numbers only to the native contacts app.

      Default Caller ID Enable the exporting of contacts, names, and phone numbers by default. This option requires the Caller ID option to be set unrestricted.
      Avatars Enable or disable avatars for the Exchange contacts.
      Allow Archiving Emails This allow or block the ability to archive emails.
      Conversation Threading Enable or disable the conversation threading.
      Enterprise Content Enable or disable Enterprise Content
      Allow End-user to Report Spam Allow users to enable the spam option.
      Crash Reporting Enables or disables reporting of crashes. By default, Boxer is allowed to report.
      Plain Text Mode Enables or disables Workspace ONE Boxer plain text mode. When set, Workspace ONE Boxer retrieves only plain text from HTML mails when syncing. Workspace ONE Boxer sends only plain text regardless of the email message format. The formatting controls in the compose view is disabled and only text can be copied and pasted from rich or HTML content.
      Refetch Empty Links using Mime For emails (fetched using HTML) that contain non-standard URL schemes, pointing to non-server domains, Exchange replaces the URL with two empty spaces. Enable or disable this policy to detect the occurrence and redownload the affected body using MIME, which is not subject to the URL replacement error.
      Anonymous Metrics Enable this option to allow collection of anonymous usage data to improve user's Workspace ONE Boxer experience. When enabled, a Data Sharing notice is displayed to user when Workspace ONE Boxer is launched. The device user can enable or disable data sharing by navigating to Settings > Privacy > Data Sharing.
      QuickJoin custom URLs Enables or disables QuickJoin buttons found in calendar invites that have online meeting invites.
  4. Select Create.