The Shared Device settings page lets you configure settings related to the shared device (multi-user) functionality of Workspace ONE UEM.

Configure Shared Device settings by navigating to Groups & Settings > All Settings > Devices & Users > General > Shared Device.

What can you do with the Workspace ONE UEM Shared Device settings page?

The Shared Device settings page allows you to:
  • Choose how group assignment is handled.
    • Let the end user enter the group ID, effectively letting them choose the organization group (OG).
    • Lock the end users to a fixed OG.
    • Base assignments on the User Group to which the user belongs. Whichever OG the User Group is assigned, that is where all users in that User Group will go.
  • Configure and force shared device users to enter a special shared device passcode, which is distinct from the single sign-on passcode, including all the passcode variables such as complexity, special characters, expiration, and so on.
  • Configure what happenes when users of shared devices log out:
    • Configure whether Android app data is cleared
    • Configure whether Android apps assigned to the user are reinstalled.
    • Configure whether passcode is cleared (both Android and iOS), requiring the next user that checks out the device to create their own passcode.
    • Clear Android accounts, which some apps use to automatically log users in. Applies to Workspace ONE Launcher only.

Determine your Organizational group hierarchy

Before you review and modify settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choices. For more information about these settings, see Override Versus Inherit Setting for Organization Groups.

  • Current Setting – Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
  • Child Permission – Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.

Grouping

Setting Description
Group Assignment Mode

Configure devices in one of three ways:

  • Select Prompt User for Organization Group to have the end user enter a Group ID for an organization group upon login.

    With this method, you have the flexibility to provide access to the settings, applications, and content of the organization group entered. Using this approach, an end user is not restricted to accessing only the settings, applications, and content for the organization group to which they are enrolled.

  • Select Fixed Organization Group to limit your managed devices to settings and content applicable to a single organization group.

    Each end user who logs in to a device has access to the same settings, applications, and content. This method can be beneficial in a retail use case where employees use shared devices for similar purposes such as checking inventory.

  • Select User Group Organization Group to enable features based on both user groups and organization groups across your hierarchy.

    When an end user logs in to a device, they have access to specific settings, applications, and content based on their assigned role within the hierarchy. For example, an end user is a member of the 'Sales' user group, and that user group is mapped to the 'Standard Access' organization group. When that end user logs in to the device, the device is configured with the settings, applications, and content available to the 'Standard Access' organization group.

    You can map user groups to organization groups on the UEM console. Navigate to Groups & Settings > All Settings > Devices & Users > General > Enrollment. Select the Grouping tab and fill in the required details.

Always Prompt for Terms of Use Prompts the end users to accept your Terms of Use agreement before they log in to a device.

Security

Setting Description
Require Shared Device Passcode (For iOS devices only) Require users to create a Shared Device passcode in the Self-Service Portal to check out devices. This passcode is different from a Single Sign On passcode or a device-level passcode.
Require Special Characters Require special characters in the shared device passcode, which includes characters such as @, %, &, and so forth.
Shared Device Passcode Minimum Length Set the minimum character length of the shared passcode.
Shared Device Passcode Expiration Time (days) Set the length of time (in days) the shared passcode expires.
Keep Shared device Passcode for minimum time (days) Set the minimum amount of time (in days) the shared device passcode must be changed.
Passcode History Set the number of passcodes that are remembered by the system, providing a more secure environment by preventing the user from reusing old passcodes.
Auto Logout Configure an automatic log out after a specific time period.

This setting is not to be confused with inactivity logout that is configurable with custom XML.
Auto Logout After Set the length of time that must elapse before the Auto Log out function activates in Minutes, Hours, or Days.
iOS Single App Mode

Select this check box to configure Single App Mode, which locks the device into a single application when an end user logs in to the device.

To check out an iOS device in Single App Mode, end users log in using their credentials. When the device is checked in again, it returns to Single App Mode.

Enabling Single App Mode also deactivates the Home button on the device.

Note: Single App Mode applies only to Supervised iOS devices.

Logout Settings

Setting Description
Clear Android App Data This setting controls whether the application data from the current session is cleared when the user logs out of a shared device (checks it in).
Reinstall Android Apps

If an app is assigned to the staging user and end-users logging in and out of the device, select one of the preferred app management behaviors: Always reinstall apps between users or Never reinstall apps between users.

Warning: VMware recommends not enabling the Never option. When this option is set to Never, the software no longer requires that apps be deleted and reinstalled when one user stops using a shared device and another user begins using the same device. This means that the next user may have access to the original user’s app data, including any personal or sensitive data.

Ensuring the security of app data by end users using the same device is your sole responsibility. VMware is not liable for any damages in connection with your decision to enable this feature including direct, indirect, incidental, special, punitive, consequential damages or loss of profits, even if notice is given of the possibility of these kinds of damages.

Clear Android Device Passcode Enable to clear the Android device passcode, requiring the next user to create their own.
Clear Android Accouts Enable to remove accounts that some apps can use to automatically log in. This settings only applies to Launcher since Native Android Launcher always clears every account.
Note: Android 8.0 required to clear Google accounts. Android 9.0 required for non- Google accounts.
Clear iOS Device Passcode Enable to clear the iOS device passcode, requiring the next user to create their own.