Workspace ONE Cards fetches configurations through the SDK profile from the Workspace ONE UEM console. These configurations include Exchange Server settings and other security policies. Workspace ONE Cards connects with the Exchange Server based on the authentication method configured in the UEM console, and upload contacts to the Exchange Server after scanning on the device.

You can configure the SDK profile to apply either general or application-specific settings for Workspace ONE Cards. For app-specific settings, configure the Custom Settings payload of the SDK profile. You can set these app-specific settings either as a part of a configured default profile, or as a part of a custom SDK profile that you have explicitly assigned to Workspace ONE Cards.

You can assign only one SDK profile to an application, so you must select either the default or the custom SDK profile for Workspace ONE Cards. The default profile is the same for both iOS and Android, whereas custom profiles are platform-dependent. A custom SDK profile can have additional details as per your organization's requirements.

For more information about default versus custom SDK profile, see App Suite SDK Configurations from the Mobile Content Management Guide.

Configure a Default SDK Profile for Workspace ONE Cards

You can select and configure a default SDK profile to define the behavior that applies to Workspace ONE Cards.

The default SDK profile shares settings across all applications configured for a specific Organization Group (OG) and its subgroups. If you have deployed other Workspace ONE applications, such as Workspace ONE Intelligent Hub, Workspace ONE Boxer, Workspace ONE Web, or Workspace ONE Content, you do not have to configure the default SDK profile explicitly for Cards.
  1. In Workspace ONE UEM console, navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies.
  2. Configure Security Policies.
    Option Description
    Authentication Type
    Passcode Prompt end users to authenticate with a user-generated passcode when the app starts for the first time, and after an app session timeout.
    Username and Password Prompt end user to authenticate by reentering their enrollment credentials when the app starts for the first time, and after an app session timeout.
    Disabled Allow the user to open apps without entering credentials.
    SSO
    Enabled Establish a single app session across all Workspace ONE UEM and Workspace ONE UEM wrapped apps.
    Disabled Establish app sessions for each app.
    Offline Access
    Enabled Allow end users to open and use Workspace ONE UEM and wrapped apps when disconnected from Wi-Fi. When the device is offline, the Workspace ONE UEM applications cannot perform downloads. For a successful download, users must connect their device to Internet. Configure the Maximum Period Allowed Offline to set limits on the offline access.
    Disabled Remove access to Workspace ONE UEM and wrapped apps on offline devices.
    Compromised Protection
    Enabled If enabled, this option overrides the MDM protection. App level Compromised Protection blocks the compromised devices from enrolling, and enterprise wipes enrolled devices that report a compromised status.
    Disabled Rely only on the MDM compliance engine for the compromised device protection.
    Data Loss Prevention
    Enabled Access and configure settings intended to reduce data leaks.
    Enable Copy And Paste
    Allows an application to copy and paste when set to Yes.
    Enable Printing
    Allows an application to print from devices when set to Yes.
    Enable Camera
    Allows application to access the device camera when set to Yes.
    Enable Composing Email
    Allows application to access the device camera when set to Yes.
    Enable Data Backup
    Allows wrapped applications to sync data with a storage service such as iCloud when set to Yes.
    Enable Location Services
    Allows wrapped applications to receive the latitude and longitude of the device when set to Yes.
    Enable Bluetooth
    Allows applications to access bluetooth functionality on devices when set to Yes.
    Enable Screenshot
    Allows applications to access screenshot functionality on devices when set to Yes.
    Enable Watermark
    Displays text entered in Overlay Text as a watermark in documents in the VMware Workspace ONE Content when set to Yes.
    Note: You cannot change the design of a watermark from the Workspace ONE UEM console.
    Limit Documents to Open Only in Approved Apps
    Select this option to control the applications used to open resources on devices. For iOS devices, you can use the UEM configuration values to restrict users from importing files from third-party applications into Workspace ONE Cards. For more information, see Configure Import Restriction in Workspace ONE Content Guide.
    Allowed Applications List
    Enter the applications that are allowed to open documents.
    Disabled Allow user to access all device functions.
  3. Select Save.
  4. Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Settings.
  5. Configure Settings. You must enter specific application settings.
    Action Description
    Branding
    Enabled Apply the organization-specific logo and colors wherever applicable to the app suite.
    Disabled Maintain the Workspace ONE UEM brand throughout the app suite.
    Logging
    Enabled Access and configure settings related to collecting logs.
    Logging Level

    Select a logging level for Workspace ONE Cards:

    • Error - Records only errors. An error indicates a failure in processes such as a failure to look up UIDs or an unsupported URL.
    • Warning - Records errors and warnings. A warning displays a possible issue with processes such as bad response codes and invalid token authentications.
    • Information - Records a significant amount of data for informational purposes. An information logging level displays general processes and warning and error messages.
    • Debug - Records all data to help with troubleshooting. This option is not available for all functions.
    Send logs over Wi-Fi only
    Select to prevent data from being transferred when roaming and to limit data charges.
    Disabled When disabled, the application does not collect any logs.
    Analytics
    Enabled Collect and view the useful statistics about apps in the SDK suite.
    Disabled When disabled, the application does not collect useful statistics.
  6. Click Save.

Configure a Custom App SDK Profile for Workspace ONE Cards

If Workspace ONE Cards has Data Loss Prevention (DLP) or authentication requirements that differ from other Workspace ONE applications, you must select and configure a custom SDK profile to deploy Workspace ONE Cards.
  1. In the Workspace ONE UEM console, navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Profiles > Add Profiles.
  2. Select SDK Profile.
  3. Select a platform.
  4. Configure General Settings.
  5. Configure Custom Settings with configuration keys listed in Application Configurations for Workspace ONE Cards.
  6. Select Save.

Configure Workspace ONE Cards Using Certificate-Based Authentication (CBA) with Exchange

To authenticate users, you can configure Workspace ONE Cards using the Certificate-Based Authentication (CBA) with Exchange in Workspace ONE UEM.
  1. If you are using a default SDK profile, select the Integrated Authentication from the check box.
  2. If you are using a custom SDK profile, perform the following steps:
    1. Select Certificate Authority and Template.
    2. List the Exchange URL in the allowlist URL text box.
  3. Add KVPs such as AccountUseCBA and AccountUseDualAuth under Custom Settings in the Workspace ONE UEM console. For more information about the Keys, see Application Configurations for Workspace ONE Cards.