Single-User Device Staging on the Workspace ONE UEM console allows a single administrator to outfit devices for other users on their behalf, which can be useful for IT administrators provisioning a fleet of devices.

Device staging through Workspace ONE Direct Enrollment is not supported. If you must stage a device, whether for single or multiple users, you must enroll the device using Workspace ONE Intelligent Hub instead of Workspace ONE Direct Enrollment.

Important:

The ability to create staging users is an elevated admin privilege. Permission to create a staging user should be limited only to specific, trusted administrators. Also, treat staging user credentials as you would any other admin privilege and do not disclose the user credentials.

Currently, any administrator with the permission to create a user can also create a staging user. Limit this ability by editing the roles assigned to your administrators. Navigate to Accounts > Administrators > Roles. Identify only those roles you want to limit and then Edit () each of these roles in the category path All > Accounts > Users > Accounts by clearing the Edit check box from the "Add/Edit" permission.

Note: LDAP binding is required when staging devices. To create this payload, see Binding a Device to the Directory Service in this guide.

Procedure

  1. Navigate to Accounts > Users > List View and select Edit for the user account for which you want to enable device staging.
  2. In the Add / Edit User page, select the Advanced tab.
    1. Scroll down to the Staging section.
    2. Select Enable Device Staging.
    3. Select the staging settings that apply to this staging user.
    Single User Devices stages devices for a single user.
  3. Toggle the type of single user device staging mode to either Standard or Advanced.
    Standard staging requires an end user to enter login information after staging, while Advanced means that the staging user can enroll the device on behalf of another user.
  4. Ensure that Multi User Devices is set to Disabled.
  5. Enroll the device.
    • Enroll using the Workspace ONE Intelligent Hub by entering a server URL and Group ID.
    • Open the device's Internet browser, navigate to the enrollment URL, and enter the proper Group ID.
  6. Enter your staging user's credentials during enrollment.
    1. If necessary, specify that you are staging for Single User Devices.
      You will only have to do this if multi-user device staging is also enabled for the staging user.
  7. Complete enrollment for either Advanced or Standard staging.
    1. If you are performing Advanced staging, you are prompted to enter the user name of the end-user device owner who is going to use the device. Proceed with enrollment by installing the Mobile Device Management (MDM) profile and accepting all prompts and messages.
    2. If you are performing Standard staging, then when the end user completes the enrollment, they are prompted to enter their own credentials in the login window.

Results

The device is now staged and ready for use by the new user. If an enrollment terms of use agreement is in place, the staging single-user will not see this TOU agreement prompt until they log into their SSP account.