Admin Accounts

You can maintain settings, push, or revoke features and content, and much more with admin accounts in Workspace ONE Express and Workspace ONE UEM.

Admin Account List View

This screenshot displays the administrator account list view, which you can filter by role and status. You can sort the listing by clicking any of the column headers. From this page, you can add new accounts and import accounts in batches.

You can implement key management functions for ongoing maintenance and upkeep of admin accounts by navigating to Accounts > Administrators > List View.

Display the Add/Edit Admin page by selecting the hypertext link in the user name column. This link enables you to update current roles assigned quickly or change roles within your organization quickly to keep their privileges up-to-date. You can also alter general admin information and reset a password.

You can Filter the list of administrators to include all roles or limit the listing to only a specific role you want to see. You can also export a CSV (comma-separated values) file of the filtered or unfiltered Administrators List View. You can then view and analyze this file with MS Excel. Select the Export button (The export icon is the shape of a blue box with an arrow pointing out of its top-right corner.) then navigate to Monitor > Reports & Analytics > Exports to view and download the resulting report.

Select the kebab icon (This UI element is called a kebab icon and it looks like a vertically oriented elipsis.) located to the left of each listing to open the action popup applicable to that admin.

This partial screenshot shows the action popup on the administrator account list view, enabling you to change many elements of an account.

  • Edit - Make changes to the details of an administrator account, such as roles assigned, contact information, authentication info, among others.
  • Deactivate – Change the status of an admin account from active to inactive. This feature allows you to suspend the management functions and privileges temporarily. At the same time, this feature enables you to keep the defined roles of the admin account for later use.
  • Reset Password – Available to basic administrators only. Sends an email to the basic admin email address on record. The email contains a link that expires in 48 hours. To reset the password, the basic admin must select the link and answer the password recovery question. This link enables the basic admin to change their own password.
    • Directory-based administrators must reset their passwords using the active directory system.
    • Temporary administrators cannot reset their password. Another admin must delete then re-create the temporary admin account.
  • Login History – Track when admins log in and out of the Workspace ONE UEM console or Workspace ONE Express.
  • Activate – Change the status of an admin account from inactive to active. This option is only available on inactive accounts.
  • Delete – Remove the admin account from the console. Such an action is useful for when an administrator ends employment.

Create an Admin Account

You can add Admin Accounts from the Administrators List View page, providing access to advanced features of the Workspace ONE UEM console and Workspace ONE Express. Each admin that maintains and supervises the console must have an individual account.

This screenshot shows the Accounts Administrator List View which enables you to create an admin account.

  1. Navigate to Accounts > Administrators > List View, select Add, then Add Admin. The Add/Edit Admin page displays.
  2. Under the Basic tab, for the User Type setting, select either Basic or Directory.
    • If you select Basic, then fill in all required settings on the Basic tab, including user name, password, First Name, and Last Name.
    • You can enable Two-Factor Authentication where you select between Email and SMS as a delivery method and the token expiration time in minutes.
    • You can also select a Notification option, choosing between None, Email, and SMS. The Admin receives an auto-generated response.
    • If you select Directory, then enter the Domain and user name of the admin user.
  3. Select the Details tab and enter additional information, if necessary.
  4. Select the Roles tab and then select the Organization Group followed by the Role you want to assign to the new admin. Add new roles by using Add Role.
  5. Select the API tab and choose the Authentication type.
  6. Select the Notes tab and enter additional Notes for the admin user.
  7. Select Save to create the admin account with the assigned role.

Create a Temporary Admin Account

You can grant temporary administrative access to your environment for support, demonstrations, and other time limited use cases. Temporary administrators cannot reset their password. Another admin must delete then re-create the temporary admin account.

This screenshot shows the Accounts Administrator List View which enables you to create a temporary admin account.

  1. Navigate to Accounts > Administrators > List View, select Add. Select the Add Temporary Admin option.

    Alternatively, you can select the Help button from the header bar that appears at the top-right corner of almost every page of Workspace ONE UEM and Workspace ONE Express and select Add Temporary Admin.

  2. In the Basic tab, select to add a temporary admin account based on Email Address or user name and complete the following settings.

    Setting Description
    Email Address Enter the email address on which the temporary admin account is based. Available only when Email Address radio button is selected.
    User name Enter the user name on which the temporary admin account is based. Available only when the user name radio button is selected.
    Password / Confirm Password Enter and confirm the password that is associated with the Email Address or user name.
    Expiration Period Select an Expiration Period which defaults to 6 hours. You can also set this drop-down menu to Inactive to create the account now and activate it later.
    Ticket Number Optionally, you can add the Ticket Number from ZenDesk, Bugzilla, Jira, or other help desk tool as a reference marker.
  3. In the Roles tab, you can add, edit, and delete roles applicable to the temporary admin account.

    • Add a role by selecting the Add Role button and then select the organization group and role for which the temporary admin account applies.
    • Edit an existing role by selecting the edit icon (This edit icon is shaped like a blue pencil.) and select a differentorganization group and role.
    • Delete a role by selecting the delete icon (This delete icon is shaped like a blue X.).

Directory User Status Syncing

When you make users inactive in your directory service, it impacts the corresponding Workspace ONE UEM and Workspace ONE Express account in a similar way but only assuming these prerequisite conditions.

  • Syncing of removed users works with Active Directory only.
  • The user name you entered in the Bind User Name option must have Active Directory administrator privileges.
    • Check on this name by navigating to Groups & Settings > All Settings > System > Enterprise Integration > Directory Services, and in the Server tab, look for the Bind User Name text box.
    • Workspace ONE Express customers can find the Bind User Name text box in the same Server tab by navigating to Groups & Settings, then select Directory Services from the Name column.
  • You can allow non administrators in Active Directory access to the deleted objects container provided you follow the steps outlined in the following Microsoft Support article. https://support.microsoft.com/en-in/help/892806/how-to-let-non-administrators-view-the-active-directory-deleted-object.
  • Furthermore, the recycle bin must be enabled using the Active Directory Administrative Center but only if you are deleting users in AD.
    1. Open the Active Directory Administrative Center.
    2. Select the domain, then right click the domain.
    3. Select Enable Recycle Bin. Once enabled, the recycle bin cannot be deactivated.

Login History

Navigate to Accounts > Administrators > System Activity > Login History and you can view a listing of all administrator logins including date & time, their IP address, browser, and platform. Select a Username from the listing to see the entire login history of the selected admin.

Alternatively, you can view the login history of an individual administrator by navigating to Accounts > Administrators > List View and selecting the kebab icon (This UI element is called a kebab icon and it looks like a vertically oriented elipsis.) to the left of the admin listing, then select Login History.

check-circle-line exclamation-circle-line close-line
Scroll to top icon