Workspace ONE UEM powered by AirWatch lets you provision a Zebra Rugged device with a Stage Now barcode that installs a host of useful configs including a Wi-Fi profile, Relay Server connectivity, and a Check-in/Check-out launcher.
Use Case: You want to provision a Zebra device with a way to check the device in and out making it suitable for multi-user use. These devices also need a relay server to host provisioned content, a Wi-Fi profile to connect it to the network, and a Stage Now barcode to deliver it all. This use case represents a "one-stop" provisioning solution for Zebra Android devices.
- The Zebra device must begin in a factory reset state with Android 7.0 (Nougat) or later and MX version 7.1 or later.
- The Zebra device must also have VMware Workspace ONE Intelligent Hub version 8.2 or later.
- Create a staging-based relay server, which hosts all the staging content.
- Navigate to .
- Select .
- Configure the relay server options per your preferences and specifications. For the purpose of this use case, select the Assignment tab and in the Staging Server section, select one or more organization groups that manage your Zebra devices.
- Save the Staging Relay Server.
- Create a production-based relay server, which hosts all the content to be used on a day-to-day basis after the conclusion of this use case.
- While still in the Relay Servers List View, select .
- Configure the relay server options per your preferences and specifications. For the purpose of this use case, select the Assignment tab and in the Production Server section, select the same organization groups you selected for the Staging Relay Server in the previous step.
- Save the Production Relay Server.
- Create the CICO Launcher profile. The launcher is the component that facilitates the check-in / check-out process.
- Navigate to and select .
- For Profile Scope, set the drop-down menu to Production.
- Select the Launcher payload from the list to the far-left of the window.
- Select the Configure button and select the application options for the launcher per your preferences.
- Select Settings, include an Administrative Passcode, then select Close.
- Save the Launcher configuration.
- Select Save again to save the new Android Provisioning Profile.
- Create a Wi-Fi profile. This profile ensures that the Zebra device has Wi-Fi connectivity, which is important.
- While still at from the previous step, select .
- For Profile Scope, set the drop-down menu to Staging.
- Select the Wi-Fi payload from the list at the far-left of the window.
- Select the Configure button and complete the Wi-Fi connection details. Make certain to select a Wi-Fi password that complies with the minimum length and complexity rules for passcodes.
- Save the Wi-Fi Profile.
- Create a smart group that contains all the Zebra devices you want to target for this use case. This smart group is how the CICO Launcher profile gets installed on your Zebra device fleet.
- Navigate to Add Smart Group button. and select the
- Name the smart group something like "Zebra Devices CICO Launcher".
- Under Organization Group, select the OG that manages your Zebra devices.
- Under Platform and Operating System, select Android Greater Than or Equal To Android 7.0.0.
- Under Enterprise OEM Version, select Motorola/Zebra Greater Than or Equal To Zebra Mobility Extensions Version 7.1.
- Save the smart group.
- Create a product, include the CICO launcher, and assign it to the smart group.
- Navigate to Add Product button. and select the
- Select the Android platform.
- Enter the Name of the product and under Managed By, select the OG that manages your Zebra devices.
- Under Smart Groups, select the smart group you made in the previous step from the drop-down menu.
- Select the Manifest tab and then select the Add button.
- Under Actions to Perform, select Install Profile.
- Under Profile, select the CICO Launcher Profile you made in step 3.
- Save the product.
- Configure an Android Staging Profile.
- Navigate to and select .
- Complete all required options on the General tab.
- Owned By - Select the organization group that manages your Zebra devices.
- Enrollment User - You must select a device user who is configured as a staging multi-user. You can edit an existing user to be a staging multi-user by taking the following steps.
- Navigate to .
- Select the Edit icon () to the left of the user you want to change.
- Select the Advanced tab and in the Staging section, Enable Device Staging and then enable Multi User Devices.
- Save the edit.
- Hub - Select version 8.2 or later of the Workspace ONE Intelligent Hub application.
- Save the Staging Profile.
- Configure the Stage Now barcode.
- Navigate to and locate the Android Staging Profile you made earlier.
- Select the radio button to the left of the Android Staging Profile. Some new buttons display under the main buttons.
- Select the Stage Now Barcode button. The Generate Stage Now Barcode screen displays.
- Under Staging Relay Server, select the staging-based relay server you made earlier.
- Under Staging Profile, select the Wi-Fi profile you made earlier.
- Select Save to save the barcode as a PDF file.
- Ensure that the Stage Now URL setting is configured correctly, found in
. If you are operating in a SaaS environment, you can skip this step.
- If your on-premises environment is configuring its own Stage Now server, then enter that custom URL in this text box.
- If your on-premises environment is not configuring its own Stage Now server, then you must open your networks to allow access to the URL listed here.
- Distribute the Zebra device and the PDF produced in a previous step to the staging individual and direct them to scan the following Zebra Skip Setup Barcode which runs the Stage Now application.
- Stage Now makes the request to scan a barcode.
- Scan the Stage Now Barcode provided in PDF saved in an earlier step.
Scanning the Stage Now Barcode triggers the following actions.
- MDM information is obtained.
- The Wi-Fi profile is downloaded and assigned.
- A connection is made to the Staging Relay Server, enabling the device to pull the Staging Profile.
- The Staging Profile contains the Workspace ONE Intelligent Hub application, ZebraMXService.apk, and credentials.bin file.
- The device installs the Workspace ONE Intelligent Hub application. The Hub opens and interprets the credentials.bin file, which in turn triggers the derived user information to be sent to the device services server for authentication and authorization.
- Device services validates the credentials.
- The Workspace ONE Intelligent Hub calls Google EMM registration service to obtain an Enterprise ID.
- Google responds with a masked Gmail account linked to the Enterprise and a token for authentication. This response allows the Workspace ONE Intelligent Hub application to continue enrolling.
- Accept the privacy information and any other prompts presented by the Workspace ONE Intelligent Hub. For more information about Workspace ONE Mobile Applications Privacy, see https://kb.vmware.com/s/article/2960318.
The Zebra device enrolls into Workspace ONE UEM and the Workspace ONE Intelligent Hub application sends intents to the device to install additional products assigned in the Workspace ONE UEM console including the CICO Launcher configured earlier.
- The Zebra device downloads products from the Production Relay Server.
- The VMware Launcher prompts the end user to log in. The device end user takes possession of the device by entering their enterprise credentials (AD/LDAP/Basic) and organization group as required.
- VMware Launcher receives the credentials and passes off the authentication to the Workspace ONE Intelligent Hub application.
- The Workspace ONE Intelligent Hub application sends the user information to device services which validates the credentials.
- The Workspace ONE Intelligent Hub directs the VMware Launcher to load the configured layout and also directs the device to pull down any other products that are assigned to the end user. It pulls these products from the Production Relay Server, configured earlier.
- The device works with Google EMM to install any public applications that are assigned to the device.
What to do next
The device is successfully checked out and the end user can use the device in its full capacity.