Boxer Deployment Considerations

Review the following considerations before you configure and deploy Workspace ONE Boxer.


You can use Workspace ONE Boxer on iOS and Android devices enrolled and managed in Workspace ONE UEM or using standalone enrollment.

Typical enrollment uses the Workspace ONE Intelligent Hub to enroll the device into Workspace ONE UEM. You can also enroll devices through Workspace ONE step-up enrollment.

Standalone enrollment is unique to Workspace ONE Boxer. This enrollment method allows end users to download the Workspace ONE Boxer app from the App Store or the Google Play Store without enrolling first. When the end user configures Workspace ONE Boxer, they must provide their login credentials such as their user name, password, server URL, and group ID.

Standalone Enrollment supports (optional) Workspace ONE UEM Autodiscovery that can be configured on the UEM console. Autodiscovery system allows end users to enroll devices to environments and organization groups (OG) using their email addresses. The server URL and user group ID are pre-populated on the end-user devices from the Autodiscovery Service during standalone enrollment.

Workspace ONE UEM does not support Boxer web-enrollment and only publishing Boxer as a managed application.

Starting Workspace ONE Boxer 22.02, Workspace ONE Boxer supports SAML authentication for standalone enrollments. SAML authentication allows faster authentication process and less expectation from a user to remember multiple login credentials. To configure the SDK passcode, see the Security Policies Profiles for the SDK section in the SDK and Managing Applications documentation at VMware Docs.

For more information on the Autodiscovery setup and configuration, see the VMware Workspace ONE UEM Mobile Device Management Documentation.


As an admin, you can upload S/MIME certificates from the UEM console (v9.0+). End users can upload the certificates to the Self Service Portal (SSP) or can send the certificates as email attachments for the installation on their device. To allow users to decrypt and view emails that are encrypted using expired S/MIME encrypted emails, upload the expired certificate at Accounts > User > Edit > Advanced > Certificates > Old Encryption Certificate. Once uploaded, the device users can view the expired certificate. Navigate to Boxer > Settings > Account > SMIME > Sign and/or Settings > Account > SMIME > Encrypt..

Note: An email user can have an S/MIME certificate that has multiple email addresses. You can scan such certificate that has multiple identities through a list of addresses for signing and encryption.

If you want to avoid transition of S/MIME certificates and certificate passwords through the VMware cloud, you can always sideload S/MIME certificate for Boxer using the Workspace ONE Web. For information about how to sideload S/MIME certificate, see Sideload S/MIME Certificates from Workspace ONE Web to Boxer.

Historical S/MIME Certificates

You can decrypt and read old S/MIME emails that have been encrypted with older certificates of encryption. You can parse old certificates from different sources, store those certificates, and ensure that these certificates are processed properly so that old emails can be successfully read.

Common Criteria Certification

Workspace ONE Boxer version 5.4 is declared as a National Information Assurance Partnership (NIAP) Common Criteria evaluated product. It has been certified in compliance with the international security standard for the application software, defined under the Common Criteria Recognition Arrangement (CCRA). Boxer is the first email client to receive the international Common Criteria security certification.

For more information about setting up Workspace ONE Boxer in complete NIAP certified mode, see NIAP.

Enterprise Content Support for Boxer

Enterprise Content integrates a part of the VMware Workspace ONE Content application with Boxer to browse online repositories. Users can view email attachments, attach files to emails from online repositories, and save attachments from emails to online repositories. To access online repositories, you must configure the supported repositories in the UEM console. For information about the configuration of the enterprise content, see Enterprise Content section in Application Configuration for Workspace ONE Boxer.

Supported features of Enterprise Content:

  • Enterprise Content supports the following online repositories:

    • SharePoint
    • Network File System
    • SharePoint in Office 365.
    • OneDrive for Business.
    • Managed Content from the UEM console added by the administrator.
    • User added repositories.

      Note: To support on-premises SharePoint, access to SharePoint and the device must be in the same network domain.

  • Save email attachments to repositories.

  • Compose a new email with an attachment from an online repository.
  • Compose an email and attach one or more files from the Boxer Files.
  • Reply to an email with one or more attachments from an online repository.
  • Sort saved files by size, alphabets, and date modified.
  • View a repository’s information from the Boxer Settings.

The following list describes the limitations of Enterprise Content

  • Users cannot edit documents present in the repositories as this functionality is available only in the Workspace ONE Content application.
  • User added repositories are supported only on iOS devices.
  • Enterprise Content does not support the local storage of the Content application.
  • The Exchange server sets the email size limit.
  • Search option is applicable for iOS devices only and is limited to the folders that users have traversed.
check-circle-line exclamation-circle-line close-line
Scroll to top icon