Create basic user accounts for your end users if you are not integrating a directory service with Workspace ONE UEM. Basic user accounts are also useful for testing purposes because they can be created quickly and disposed of afterward.
- Can be used for any deployment method.
- Requires no technical integration.
- Requires no enterprise infrastructure.
- Can enroll into potentially multiple organization groups.
- Credentials only exist in Workspace ONE UEM and do not necessarily match existing corporate credentials.
- Offers no federated security.
- Single sign on not supported.
- Workspace ONE UEM stores all user names and passwords.
- Cannot be used for Workspace ONE Direct Enrollment.
Create Basic User Accounts
You can create basic user accounts for each user to authenticate and log in to the Workspace ONE UEM system. You can then send basic users a notification with instructions on activating their account including a password reset link that expires in 24 hours.
This topic details creating user accounts one at a time. To create user accounts in bulk, see Batch Import Users and Devices.
- Navigate to Add then Add User. The Add / Edit User page displays. , select
- In the General tab, complete the following settings to add a basic user.
Setting Description Security Type Select Basic to add a basic user. User name Enter a user name with which the new user is identified. Password Enter a password that the user can use to log in. Confirm Password Confirm the password. Full Name Complete the First Name, Middle Name, and Last Name of the user. Display Name Represent the user in the UEM console by entering a name. Email Address Enter or edit the user's email address. Email user name Enter or edit the user's email user name. Domain Select the email domain from the drop-down setting. Phone Number Enter the user's phone number including plus sign, country code, and area code. This option is required if you intend to use SMS to send notifications. Enrollment Enrollment Organization Group Select the organization group into which the user enrolls. Allow the user to enroll into additional Organization Groups
You can allow the user to enroll into more than one organization group.
If you Enable this option but leave Additional Organization Groups blank, then any child OG created under the Enrollment Organization Group can be used as a point of enrollment.
Additional Organization Groups
This setting only appears when the option to allow the user to enroll into additional OGs is Enabled.
This setting allows you to add additional organization groups from which your basic user can enroll.
User Role Select the role for the user you are adding from this drop-down setting. Notification Message Type Select the type of message you want to send to the user, Email, SMS, or None. Selecting SMS requires a valid entry in the Phone Number option. Message Template
The basic user activates their account with this notification. For security reasons, this notification does not include the user's password. Instead, a password reset link is included in the notification. The basic user selects this link to define another password. This password reset link expires in 24 hours automatically.
Select the template for email or SMS messages by selecting one from this drop-down setting. Optionally, select Message Preview to preview the template and select the Configure Message Template to create a template.
- You can optionally select the Advanced tab and complete the following settings.
Setting Description Advanced Info Section Email Password Enter the email password of the user you are adding. Confirm Email Password Confirm the email password of the user you are adding. User Principal Name Enter the principal name of the basic user. This setting is optional. Category Select the User Category for the user being added. Department Enter the user's department for administrative purposes. Employee ID Enter the user's employee ID for administrative purposes. Cost Center Enter the user's cost center for administrative purposes. Certificates Section Use S/MIME
Enable or Disable Secure Multipurpose Internet Mail Extensions (S/MIME).
If enabled, you must have an S/MIME-enabled profile and you must upload an S/MIME certificate by selecting Upload.
Separate Encryption Certificate
Enable or Disable encryption certificate.
If enabled, you must upload an encryption certificate using Upload. Generally, the same S/MIME certificate is used for signing and encryption, unless a different certificate is expressly being used.
Old Encryption Certificate
Enable or disable a legacy version encryption certificate.
If enabled, you must Upload an encryption certificate.
Staging Section Enable Device Staging
Enable or disable the staging of devices.
If enabled, you must select between Single User Devices and Multi User Devices. If Single User Devices, you must select between Standard, where users themselves log in and Advanced, where a device is enrolled on behalf of another user.
See Device Staging for more information.
- Select Save to save only the new user or select Save and Add Device to save the new user and proceed to the Add Device page.