User and Admin Accounts

To enroll devices in Workspace ONE Express and Workspace ONE UEM, you must create and integrate user accounts. Likewise, you must also create administrator accounts so admins can easily manage users and devices.

User Account List View

The console allows you to establish a complete user and admin infrastructure. It provides configuration options for authentication, enterprise integration, and ongoing maintenance.

The List View page, which you can find by navigating to Accounts > Users > List View, provides useful tools for common user account maintenance and upkeep within Workspace ONE UEM.

This screenshot displays the user account list view, showing the listing of device end users as they appear using filters and sorted by enrollment status.

Customize List View

You can use the User Accounts List View to create customized lists of users immediately. You can also customize the screen layout based on criteria that is most important to you. You can export this customized list for a later analysis and add new users individually or in bulk.

Action Description
Filters View only the desired users by using the following filters.

Security Type
Enrollment Organization Group
Enrollment Status
User Group
User Role
Add button Add User – Perform a one-off addition of a basic user account. Add an employee or a newly promoted employee that needs access to MDM capabilities.
Batch Import – Add multiple users into Workspace ONE by importing a comma-separated values (CSV) file. Enter a unique name and description to group and organize multiple users at a time. For more information, see the section Batch Import Users and Devices in the Batch Import Feature.
Layout button Enables you to customize the column layout.

Summary – View the List View with the default columns and view settings.
Custom – Select only the columns in the List View you want to see. You can also apply selected columns to all administrators at or below the current organization group.
Sorting Most columns in the List View (in both Summary and Custom Layout) are sortable including Devices, User Groups, and Enrollment Organization Group.
Export button You can save a CSV (comma-separated values) file of the entire User List View that you can view and analyze with MS Excel. If you have a filter applied to the User List View, the exported listing reflects the filtered results.

Select the Export button then navigate to Monitor > Reports & Analytics > Exports to view and download the resulting report.

Interact with User Accounts

The list view also features a check box to the left of each user account. View user details by selecting the hypertext user name in the General Info column.

The Edit icon This is the edit icon, shaped like a gray pencil. enables you to make basic changes to the user account. Selecting a single check box causes three action buttons to appear, Send Message, Add Device, and More Actions.

You can select multiple user accounts using the check box, which, in turn, modifies the available actions.

Action Description
Send Message Provide immediate support to a single user or group of users. Send a User Activation (user template) email to a user notifying them of their enrollment credentials.
Add Device Add a device for the selected user. Only available for single user selections.
More Actions Display the following options.
Add to User Group Add selected users to new or existing user group for simplified user management. For more information, see the sections titled User Groups List View and Edit Your User Group Permissions in User Groups.
Remove from User Group Remove selected users from the existing user group.
Change Organization Group Manually move the user to a different organization group. Update the available content, permissions, and restrictions of a user if they change positions, get a promotion, or change office locations.
Delete If a member of your organization permanently ends employment, you can quickly delete a user account. Deleting account information is the equivalent of the account never having existed in the first place. A deleted account cannot be reactivated. If a deleted account owner returns, a new account must be created for them.
Activate Activate a previously deactivated account if a user returns to an organization or must be reinstated in the company.
Deactivate Deactivation is a security measure. Deactivate is used when a user is missing in action, their device is out-of-compliance, or their device is lost or stolen. Workspace ONE UEM retains all the information about a deactivated account such as name, email address, password, enrollment organization group, and so forth.

A deactivated account means no one with deactivated account credentials can log in. Once the security issue is resolved (user is located, device becomes compliant, the device is recovered) then you can Activate the account.

Migrating Users With the Migration Tool

The user migration tool corrects errors in the user group sync process; it also fixes unhandled workflows and database migration errors.

You can only run the user migration tool on organization groups (OG) that are configured with the Lightweight Directory Access Protocol (LDAP). You must either change to an OG that is synced with LDAP or configure the non LDAP OG. Select the Configure link in the non LDAP configured OG to open the Directory Services System Settings page.

For more information about configuring Directory Services including LDAP, either through the wizard or manually, see Directory Services Setup.

Note: You must use the Active Directory console to migrate users from one child domain to another child domain. This migration not only changes the domain of the user but also the Distinguished Name of the user. When completing migration options in the Active Directory console, you must enable the Migrate associated user groups check box. You must take these steps before using the User Migration Tool.

This screenshot shows the introduction screen for the LDAP Sync which is in service of the User Migration.

Take the following steps to use the user migration tool.

  1. Ensure you are in an OG that is LDAP configured and that the above note has been followed, then navigate to Accounts > LDAP Sync.
  2. Select the Add LDAP Sync button. The LDAP Sync screen displays. Complete the following settings.

    This screenshot shows the LDAP Sync screen, giving you the choice between migrating ALL users or SELECT users. This screenshot shows the LDAP Sync screen, giving you the choice between migrating ALL users or SELECT users.

    Setting Description
    Users Select between migrating All users in this OG or Select users in this OG.
    Use External ID The default for this option is deactivated, which means users sync with LDAP based on their UserDN (domain name).

    If you enable this option, users sync with LDAP based on external ID instead of domain name.
    Enrollment User This option is visible only when the Select option is enabled in Users above.Use this text box to search for users. When the search returns a match as a drop down menu item, select it to add the username to the User List View.
    Refresh Type Select the method of attribute refresh. You can select both. Refresh all attributes based on User DN (domain name). Select this option if Use External ID is deactivated. Refresh all attributes based on Object Guid. Select this option if Use External ID is enabled.
    User List View This option is visible only when the Select option is enabled in Users above.As you add more enrollment users to migrate, this list view grows. You can remove users from this list by selecting them in the lsit and then select the Remove button.
  3. Select the Initiate button to finalize the sync job and add the job to the list view.

  4. Each job that is added to the LDAP Sync listing appears in the list with a Sync Status of Pending Approval. You must either approve, partially approve, or decline the job.

    This partial screenshot shows the Approve, Partially Approve, Decline popup that displays when you select the vertical elipsis

  5. Select the “vertical elipsis” which appears to the left of each job listing, and select from the following options.

    1. Approve – Approve and process the user migration job. You must confirm the approval.
    2. Partially Approve – Selecting this option displays the pending approval job in a popup screen, which you can use to select individual users for approval. This option can be useful for when you want all but a few users in the OG approved for migration. Do this by selecting the All Users check box to the left of the Username heading. Selecting this check box selects all users in the entire job. Then scroll through the listing and deselect individual users you want excluded from migration. Select the Approve button. You must then confirm the approval.
    3. Decline – Decline the user migration job. You must confirm the declined sync job.
  6. The LDAP Sync listing updates the Sync Status column with each approval option you select. You can manually refresh the listing by selecting the refresh icon.

    This partial screenshot points to the refresh button, including contextual info which allows you to find it

check-circle-line exclamation-circle-line close-line
Scroll to top icon