When you configure your application, you select a custom or a default application profile. This action applies an SDK profile to the application, giving deployed Workspace ONE UEM applications additional features.
To ensure your application configuration runs smoothly, it is helpful to:
Use the following chart to determine if you want to apply a Default or Custom SDK profile to your application, and to direct you to the configuration instructions for the profile you use.
You can define SDK profiles using two different profile types: Default or a Custom SDK application profile.
|Share SDK profile settings across all applications set up at a particular organization group (OG) or below.||Apply SDK profile settings to a specific application, and override the Default Settings SDK profiles.|
|Provides a single point of configuration for all of your apps in a particular OG and its child groups.||Offers granular control for specific applications and overrides the Default Settings SDK profiles.|
|Groups & Settings > All Settings > Apps > Settings and Policies > Security Policies||Groups & Settings > All Settings > Apps >Settings and Policies > Profiles|
|Continue reading this section to learn which default SDK profiles apply to deployed apps.||Learn more about custom SDK profile settings in the VMware Workspace ONE UEM Mobile Application Management Guide.|
Default SDK settings apply across Workspace ONE UEM and wrapped applications, providing a unified user experience on devices. Because the configured SDK settings apply to all Workspace ONE UEM and wrapped applications by default, you can configure the default SDK profile with the entire Workspace ONE UEM and wrapped application suite in mind.
The recommendations provided apply to an app suite that includes:
Not all platforms or Workspace ONE UEM applications support all available default SDK profile settings. A configured setting only works on the device when it is supported by the platform and app. This also means that an enabled setting might not work uniformly across a multi-platform deployment or between applications. The SDK Settings matrix covers the available SDK profile settings and the apps and platforms they apply to.
Configure Security Policies and select Save.
|Passcode||Prompt end users to authenticate with a user-generate passcode when the app first launches, and after an app session timeout. Enabling or disabling SSO determines the number of app sessions that get established. If a wipe is performed, that is, user has reached max number of passcode attempts, then the app will no longer flip to Hub. Instead it will kick off the standalone login flow.|
|Username and Password||Prompt end user to authenticate by re-entering their enrollment credentials when the app first launches, and after an app session timeout. Enabling or disabling SSO determines the number of app sessions that get established.|
|Disabled||Allow end user to open apps without entering credentials.|
|Enabled||Establish a single app session across all Workspace ONE UEM and Workspace ONE UEM wrapped apps.|
|Disabled||Establish app sessions on a per app basis.|
|Enabled||Allow end users to open and use Workspace ONE UEM and wrapped apps when disconnected from Wi-Fi. Offline Workspace ONE UEM apps cannot perform downloads, and end users must return online for a successful download. Configure the Maximum Period Allowed Offline to set limits on offline access.|
|Disabled||Remove access to Workspace ONE UEM and wrapped apps on offline devices.|
|Enabled||Override MDM protection. App level Compromised Protection blocks compromised devices from enrolling, and enterprise wipes enrolled devices that report a compromised status.|
|Disabled||Rely solely on the MDM compliance engine for compromised device protection.|
|Data Loss Prevention|
|Enabled||Access and configure settings intended to reduce data leaks.|
|Enable Copy and Paste Into||Allows copying and pasting content from external applications into Workspace ONE UEM applications when set to Yes.|
|Enable Copy and Paste Out||Allows copying and pasting content from the Workspace ONE UEM applications into external applications when set to Yes.With Workspace ONE Swift SDK, restrictions are enforced on link generation and copying of logs which were not earlier impacted by clipboard restrictions.
Copy and Paste action is independent of other DLP restrictions and does not adhere to allowlisting of apps.
For example, if allowed, copy and paste action can take place on any external app and is not restricted to only the allowlisted apps.
|Enable Printing||Allows an application to print from devices when set to Yes.|
|Enable Camera||Allows applications to access the device camera when set to Yes.|
|Enable Composing Email||Allows an application to use the native email client to send emails when set to Yes.|
|Enable Data Backup||Allows wrapped applications to sync data with a storage service like iCloud when set to Yes.|
|Enable Location Services||Allows wrapped applications to receive the latitude and longitude of the device when set to Yes.|
|Enable Bluetooth||Allows applications to access Bluetooth functionality on devices when set to Yes.|
|Enable Screenshot||Allows applications to access screenshot functionality on devices when set to Yes.|
|Enable Watermark||Displays text in a watermark in documents in the VMware Workspace ONE Content when set to Yes. Enter the text to display in the Overlay Text field or use lookup values. You cannot change the design of a watermark from the UEM console.|
|Limit Documents to Open Only in Approved Apps||Enter options to control the applications used to open resources on devices. (iOS only) You can use Workspace ONE UEM Configuration values to restrict users from importing files from third-party applications into Workspace ONE Content. For more information, see Configure Import Restriction in Workspace ONE Content section.|
|Allowed Applications List||Enter the applications that you allow to open documents.|
|Disabled||Allow end user access to all device functions.|
Navigate to Groups & Settings > All Settings > Apps > Settings and Policies > Settings.
Configure Settings and select Save.
|Enabled||Apply specific organizational logo and colors, where applicable settings apply, to the app suite.|
|Disabled||Maintain the Workspace ONE UEM brand throughout the app suite.|
|Enabled||Access and configure settings related to collecting logs.
Choose from a spectrum of recording frequency options:
Error – Records only errors. An error displays failures in processes such as a failure to look up UIDs or an unsupported URL.
Warning – Records errors and warnings. A warning displays a possible issue with processes such as bad response codes and invalid token authentications.
Information – Records a significant amount of data for informational purposes. An information logging level displays general processes as well as warning and error messages.
Debug – Records all data to help with troubleshooting. This option is not available for all functions.
Send logs over Wi-Fi only
Select to prevent the transfer of data while roaming and to limit data charges.
|Disabled||Do not collect any logs.|
|Enabled||Collect and view useful statistics about apps in the SDK suite.|
|Disabled||Do not collect useful statistics.|
|Enabled||Apply custom XML code to the app suite.|
|Disabled||Do not apply custom XML code to the app suite.|
You can enable or disable certain functionalities of Workspace ONE Content and Workspace ONE Smartfolio apps by adding specific configuration keys either in the default or custom SDK profile. For more information about configuring the SDK profiles with the configuration keys, see VMware Workspace ONE Content and Workspace ONE Smartfolio
Enabling or disabling SSO determines the number of app sessions established, impacting the number of authentication prompts end users receive.
|Disabled||Enabled||Single||Enrollment Credentials||Open apps without prompting end users to enter credentials.|
|Passcode||Enabled||Single||Passcode||Prompts at first launch of first app, establishing a single app session. The next authentication prompt occurs after the session times out.|
|Username and Password||Enabled||Single||Enrollment Credentials||Prompts at first launch of first app, establishing a single app session. The next authentication prompt occurs after the session times out.|
|Passcode||Disabled||Per App||Passcode||Prompts on a per app basis, establishing individual app sessions. Note that each app may have a unique passcode. The next authentication prompt occurs when launching a new app, or an individual app session times out.|
|Username and Password||Disabled||Per App||Enrollment Credentials||Prompts on a per app basis, establishing individual app sessions. The next authentication prompt occurs when launching a new app, or an individual app session times out.|