Configure Workspace ONE Web settings using the Configuration Key and Configuration Value pairs provided by Workspace ONE UEM.

To configure Workspace ONE Web settings, enter the configuration key and the corresponding value into the Custom Settings under Groups & Settings > All Settings > Apps > Settings and Policies > Settings.

Configuration Key Value Type Configuration Value Description
{"BrowserDisableQRCode": "true"} Boolean

True

False

(Available for Android and iOS)

If the value is true, the QR Code scanner in Workspace ONE Web URL bar is disabled.

If the value is false, the QR Code scanner is displayed in the Workspace ONE UEM URL bar.

{“BrowserDisableUserAgentString” : "true”} Boolean

True

False

(Available for Android only)

If the value is true, the user Hub string is disabled. However, this also disables the ability to switch between desktop mode and mobile mode.

If the value is false, the user Hub string is enabled and also enables the ability to switch between desktop mode and mobile mode.

{"BrowserDisableAutoCloseTab": "true" } Boolean

True

False

(Available for iOS only)

If the value is true, Workspace ONE Web does not auto-close the tab that runs an external application.

If the value is false, Workspace ONE Web auto-closes the tab that runs an external application.

{"BrowserDisableWebclip":"true"} Boolean

True

False

(Available for Android and iOS)

By default, the Webclips are shown in the Workspace ONE Web Bookmarks. If the value is set to true, the Webclips do not appear in the Workspace ONE Web Bookmarks.

You can push webclips with awbf:// and awbfs:// protocols to open in full screen mode.

{ "BrowserDisableLongPressOnLinks":"true" } Boolean

True

False

(Available for Android only)

When set to True, Workspace ONE Web disables the open in the new tab and add to bookmarks dialog (or prompt) box for links that are long pressed.

{ "DisableLongPressInKiosk":"true" Boolean

True

False

When set to True, Workspace ONE Web disables the long press option to prevent users to take any unintended actions on the website. This key applies only when Web is in kiosk mode.

Admin Policies for Privacy and Data Collection

Use the configuration keys in the UEM console to perform additional privacy disclosure and data collection practices. End users who are upgrading or beginning to use the latest version (from v6.14 onwards on iOS and Android platform) are presented with new privacy prompt screen upon the start of the application.

The privacy prompt screen lets the user know the following device information is fetched by the application:

  • Data collected by the app – Provides a summary of data that is collected and processed by the application. Some of this data are visible to administrators of the Workspace ONE UEM administration console.
  • Device Permissions – Provides a summary of device permissions requested for the app to enable product features and functionality, such as push notifications to the device.
  • Company's privacy policy – By default, a message is shown to the user to contact their employer for more information. VMware recommends users to configure their privacy policy URL in the UEM console. After configured, the users can open the employer’s privacy policy within the application.

To enable privacy and data collection policies, enter the configuration key and the corresponding value in Custom Settings under Groups & Settings > All Settings > Apps > Settings and Policies > Settings.

Configuration Key Value Type Configuration Value Description
{ "PolicyAllowFeatureAnalytics" } Integer

0 - disabled

1 - enabled (default)

Feature analytics data collection admin policy that controls whether the end users see the Data Sharing opt-in during configuration of the Workspace ONE Web.
When set to 0, the data sharing screen is forced off to the user. When set to 1, the data sharing screen is displayed to the user.
Note: Feature analytics data is collected for VMware to improve existing product features and invent new ones to make users even more productive.
{ "PolicyAllowCrashReporting" } Boolean

True

False

Crash reporting data collection admin policy that controls the application reporting diagnostic data, which can be used to troubleshoot crash issues and provide support.

If true, crash reports are reported back to VMware.

If false, crash reports are not reported back to VMware. It Impacts the efficiency in investigating and resolving any issues with the application.

{ "PrivacyPolicyLink" } String "https://www.url.com"
Provide the company or customer privacy policy URL that the users can view a specific privacy disclosure web page directly with the Workspace ONE Web.
Note: This policy overrides the default company privacy policy URL.

Sample SDK configuration: {"PolicyAllowFeatureAnalytics":1, "PrivacyPolicyLink":"https://www.acme.com/privacypolicy", "PolicyAllowCrashReporting":true}

Configure Web Clips in Full Screen Mode

By default, web clips are displayed in normal mode in the Workspace ONE Web Bookmarks. If you want your user to view the web clips in full screen mode, set the URL prefix as awbf:// and awbfs://. For more information on the web clip configuration process, refer to the Platform Guide.

Enabling SDK logging on iOS Web

Use the following configuration key to enable the SDK logging on Web. This key provides a fallback if you want to log browser logs in the SDK logging framework.
Configuration Key Value Type Configuration Value Description
BrowserEnableLoggingToSDK Boolean

True

False

Set this value to true to log browser logs in the SDK logging framework.

Enable and Disable Web Fullscreen mode

With Workspace ONE Web, users can browse content in the Fullscreen viewing mode. Fullscreen mode hides the URL and the navigation bar and displays only the content. Users can exit the fullscreen mode either by a long press on the screen or kill and relaunch the Web application.

By default, the fullscreen mode is enabled, and admin can disable this mode using the following KVP:

Configuration Key Value Type Configuration Value Description
DisableFullscreenMode Boolean

False (default)

True

Set the value to true to disable the full screen mode view.

SCEP Integrated Authentication

Use the integrated authentication with an authentication type set to SCEP certificates in the UEM console by configuring the following key value pairs.

Configuration Key Value Type Configuration Value Description
ScepPendingRetryTimeout Integer Min and max values Provide the time duration after which the SCEP pending retry will time out.
ScepPendingMaxRetryAttempts Integer Min and max values Provide the maximum retry count for the SCEP certificate to update on the device.

View Downloaded Files in Workspace ONE Content Application for Android Devices

To view the downloaded files in the Workspace ONE Content application, use this configuration key in the UEM console. Users must install and configure the Content application on their device to view the supported files. For more information about files supported by the Content application, see the Matrix of Supported File Type by Platform topic in the Mobile Content Management documentation.

Configuration Key Value Type Configuration Value Description
BrowserAutoOpenInContent Boolean

False (default)

True

Set the key value to true, to automatically view the downloaded files in the Workspace ONE Content application.

Add a Custom String to the Browser User Agent

As an admin, you can pass an identifier to Workspace ONE Web that appends to the user agent string. This identifier is an optional parameter and applies to both mobile and desktop user agent. It does not support double byte characters and rich text.

Configuration Key Value Type Configuration Value Description
BrowserUserAgentPostfix String

"This is the appended string"

Example:

{ "BrowserUserAgentPostfix": "This is the appended string" }

Set the string to append at the end of the user agent.

Configure Workspace ONE Web to Use a PAC File

You can configure Workspace ONE Web to use the Proxy Auto-Configuration (PAC) file to allow your web traffic to pass through the proxy server. A PAC file is a text file that directs a browser to a proxy server before it reaches the destination server.

Configuration Key Value Type Configuration Value Description
BrowserPacURL String

URL of the PAC file.

Set the PAC URL.
BrowserPacMode Integer

1

2

Set the value to 1 to use a PAC file for URLs that are not tunneled through the tunnel proxy or VMware tunnel. For example:
{
"BrowserPacURL": "https://mypac.mydomain.com/pacfile"
"BrowserPacMode": 1
} 
Set the value to 2 to use a PAC file for URLs that are also tunneled through the VMware tunnel. For example:
{
"BrowserPacURL": "https://mypac.mydomain.com/pacfile"
"BrowserPacMode": 2
} 

Enabling Print Option in Kiosk Mode

Use the following configuration key, to enable the print option in kiosk mode:

Configuration Key Value Type Configuration Value Description
{"BrowserAllowPrintInKiosk" : "True"} Boolean

False (default)

True

Set the value to true, to enable printing in Kiosk Mode.
To enable the print option in Kiosk mode, ensure that printing is allowed under the SDK DLP settings,

WebRTC Support in Workspace ONE Web (Android only)

With WebRTC, websites can easily access the camera and microphone in Workspace ONE Web for Web Real-Time Communication. To enable this feature, you must configure the Web application with the following KVP.

Configuration Key Value Type Configuration Value Description
{ "BrowserEnableWebRTC": "True" } Boolean

False (default)

True

Set the value to true, to enable WebRTC in Workspace ONE Web.
This feature is supported only in Android 7 and higher versions.

Redirect mailto: Links to your Favorite Email Clients

By default, Workspace ONE Web opens mailto: links in Workspace ONE Boxer or in the iOS native email application when the Data Loss Prevention (DLP) option is disabled. As an admin, you can change this behavior by configuring Web to open mailto: links in any configured third-party email client.

To apply the mailto: setting in Workspace ONE Web, you must add the following configuration in the Custom Settings. Before you configure, make sure that you have disabled the Enable Composing Email option under the SDK DLP setting.

Configuration Key Description
{
      "CustomSDKSettings": {
         "com_vmware_DLP_Redirection": {
                   "mailtoSchemeConfiguration": {
                             "mailto": "ms-outlook",
                             "appName": "Outlook"
                     }
               }
        }
}

Add this configuration key to open mailto: links in any configured email client.

You must specify the target apps scheme as a value for the source scheme, and the application's name as a value for the appName.

Note: Make sure that the email application configured by you must be installed on the iOS device.

Configure iOS Web to Support Shortened URLs

Use the shortened or non-FQDN (Fully qualified domain name) URLs to access the websites of your organization by adding the following Key-value pair. This Key eliminates the need to add HTTP or HTTPs to the URLs.

Configuration Key Description
{"BrowserShortlinkPrefix": ["wmlink","vmware"]} This KVP acts as a URL prefix. Any URL whose prefix matches this value is a non-FQDN URL. For example, wmlink treats wmlink, wmlink-clarity, wmlink-byod, wmlink-internal as non-FQDN URLs.

Set Up a Retention Period for Downloaded Files

Use the following key to configure a retention period for the downloaded files in Workspace ONE Web.

Configuration Key Value Type Configuration Value Description
{"BrowserRetainDownloads": "day"} String

Always (default)

Day

Week

Month

Always

This key removes the downloaded files from Web after the configured retention period expires.
Note: When configured, this key deletes all existing downloaded files if the time since the files where downloaded exceeds the retention period.

Automatically Open Downloaded Files (Android only)

Use the following key to configure Workspace ONE Web for Android to open the downloaded files automatically in a default application.
Configuration Key Value Type Configuration Value Description
{"BrowserAutoOpenDownload": true} Boolean

True (default)

False

Set the value to true to open the downloaded files automatically in a default application.