When an administrator logs into the Workspace ONE UEM console the admin can view all the resources that are a part of the Workspace ONE UEM console. As part of the secure access service edge (SASE) admin experience, you can provide limited Workspace ONE UEM console experience for the SASE admins. You can configure the SASE admins to view only the specific resources on the Workspace ONE UEM console.

You can customize the Workspace ONE UEM console for the SASE admin experience. To enable and provision the SASE admin experience, you can configure any customer organization group (OG) as the SASE tenant OG. In the SASE tenant OG, you can view only the resources that are related to the OG. The SASE tenant OG can be configured to view only the resources related to Tunnel. Therefore, when a SASE admin logs into the Workspace ONE UEM console, the admin can view only the resources related to Tunnel.

On demand basis, you can enable a specific SKU on the customer OG to be able to view the resources related to the OG. You can add a new Tunnel SKU and map all required tunnel resources and settings. When a SASE admin logs into the Workspace ONE UEM console, the admin can view only the resources related to the Tunnel.

Configure Tunnel Admin Role for SASE Tenant OG

You can customize the Workspace ONE UEM console for the SASE admin experience. Any tenant can be provisioned as a SASE tenant and the admin can view only the required resources of the Workspace ONE UEM console.

For the SASE admins, to enable a specific SKU on the Workspace ONE UEM console, you can select a new role called the Tunnel Administrator which has the same set of resource availability as the tenant OG. On-demand basis, on the tenant OG, the Tunnel resources can be enabled at the admin role level. To create the Tunnel Administrator role, perform the following steps:

  1. Navigate to Accounts > Administrators > List View > Add > Add Admin > Roles > Add Role and enter Tunnel Administrator.
  2. Enter the sase customer OG that must be converted to the SASE tenant OG in the Organization Group.

    Note: In this step, sase is the name of the customer OG that is converted to the SASE tenant OG.
  3. Click Save to save the new Tunnel Administrator role.