This section explains the payloads applicable to Workspace ONE Web and the instructions for configuring Web.

You can use Mobile Device Management (MDM) to enhance the performance of Workspace ONE Web by configuring profile payloads. To do so, you first configure General Settings and then, define the type of restriction or setting to apply to the device by selecting a payload from the list. The payloads available and their configurable settings differ from platform to platform.
  1. Navigate to Devices > Profiles > List View > Add and select Add Profile .
  2. Select a platform for the profile that you want to deploy.
  3. Configure General Settings to determine how the profile deploys, who receives it, and other settings.
  4. Select and configure a Payload.
    Payload Description iOS Android Windows 8
    Restrictions Block the native browsers on devices using a restrictions payload to keep end users from using the native web instead of the Workspace ONE Web.
    Exchange ActiveSync This payload allows users to access corporate push-based email infrastructures and allows them to set the sync frequency for calendar and email systems.
    Credentials Configure this payload with digital certificates to protect your corporate email, Wi-Fi, VPN, and other corporate assets.
    SCEP With Credentials payload, you can also configure SCEP to handle digital certificates pushed to large-scale devices.    

    For step-by-step instructions on configuring a specific Payload for a particular platform, see the applicable Platform Guide, available on VMware Workspace ONE UEM Console Documentation.

  5. Select Save & Publish.

Configure Workspace ONE Web Settings

Configure the default SDK settings to define behaviors that apply to the Workspace ONE Web. Configure Workspace ONE Web specific system settings to define unique application behavior.
  1. Navigate to Groups and Settings > All Settings > Apps > Workspace ONE Web.
  2. Select whether to Inherit or Override the displayed settings.
    • Inherit– Use the settings of the current organization group's parent OG.
    • Override– Edit and modify the current OG's settings directly.
  3. Configure the relevant settings on the Web Settings tab.
    Setting Description
    Settings and Policies
    Application Profile

    Select an application profile to apply SDK functionality to your app.

    • Default – Allow applications to use the default security policies and settings defined under Apps and Books > Settings > Settings and Policies.
    • Custom – Override default settings and apply custom profiles. Custom profiles use the security policies and settings defined under Apps and Books > Settings > Settings and Policies > Profiles.
    iOS SDK Profile Select the appropriate profile from the drop-down menu that appears when you enable a Custom Application Profile to override default SDK settings.
    Android SDK Profile Select the appropriate profile from the drop-down menu that appears when you enable a Custom Application Profile to override default SDK settings.
    Use Legacy Settings and Policies Enable to configure settings and policies for legacy web only.
    Deactivate Copy (Legacy web only) Enable this option to prevent copying from device. Configure this option under Data Loss Prevention in Settings > Apps > Settings and Policies.
    Deactivate Printing (Legacy web only) Enable this option to prevent printing from device. Configure this option under Data Loss Prevention in Settings> Apps > Settings and Policies.
    Force Downloads To Open in Content Locker (Legacy web only) Enable this option to open the force downloaded documents in Content Locker. Configure this option under Data Loss Prevention in Settings > Apps > Settings and Policies.
    Enable AW Tunnel Proxy (Legacy web only) Enable AW App Tunnel Proxy to access internal network. Configure this option under Data Loss Prevention in Settings > Apps > Settings and Policies.
    iOS SDK Profile (Legacy) Select the appropriate iOS SDK profile from the drop-down menu for the legacy web.
    Accept Cookies Enable to accept cookies from websites viewed in the Workspace ONE Web.
    Clear Cookies Upon Exit Enable to clear cookies when the app fully closes.
    Clear Cookies and History if Idle Enable to clear cookies and history if the web is idle for x minutes.
    Clear Cookies and History if Idle for (mins) Set the idle time in minutes to a value between 0. 5 and 60 to ensure cookies and history are clear.
    Remember History Enable to keep track of the sites visited by the user.
    Remember History From Select the length of time you want the app to remember history to from the drop-down menu.
    Caching Enable to enhance web performance and reduce perceived lag time. Deactivate to protect browsing data on compromised devices.
    Allow Connection to Untrusted Sites

    Deactivate if navigating to untrusted sites is a security concern for your organization.

    Enable to give end users maximum navigation flexibility and ease of use.

    Sync User Bookmarks Enable this to sync bookmarks across various devices of the same user.
    Default View Mode Set the default view mode for Workspace ONE Web. Select Desktop to set desktop as the default view mode. When selected, the Workspace ONE Web renders the web pages in desktop mode if the websites supports the mode.
    Kiosk Mode Enable for Workspace ONE Web to function in Kiosk Mode. Kiosk Mode removes the navigation bar and limits browsing to the homepage and its available links.
    Return Home After Inactivity Direct the Workspace ONE Web back to the home page after a period of Inactivity (min). The values can be greater than or equal to 0. 5 minutes.
    Clear Cookies and History with Home Prevent users from accessing the previous user's secure information after they finish using the Workspace ONE Web.
    Enable Multiple Tabs Support You can have multiple tabs opened within kiosk mode. This feature is supported only on iOS and Android devices.
    Home Page URL Define the URL displayed when the web starts. Leave this field blank to display a 'Recently Visited' page by default.
    Selection Mode

    Allow to limit browsing to domains allow listed in the Allowed Site URLs field.

    Deny to allow browsing to all sites except those denied in the Denied Site URLs field.

    Allowed/Denied Site URLs

    Utilize the following recommendations to Allow allowed domains and denied domains.

    • Define domain names without including full URLs. The Workspace ONE Web filters by domain only, not by folder or page level.
    • Separate domains with a space, comma, or a new line.
    • Define wildcards as part of the domains; listing items from most general to specific. Example: *google. com is more general than http://yahoo. com.

      Entering *. google. com allowlists <text>. google. com, but it does not allow access to http://google. com.

    • Leave out the scheme (http:// or https://) to test the domain for both schemes. Include the scheme to limit testing to the specified scheme.
    • You can enter Port value separately. Restricted URL can contain the complete path, for example, http:// google. com:9191.
    Allow IP Browsing

    Select to Allow IP addresses for browsing.

    A user can navigate to a allowed IP address even if the actual domain for the IP address was included in the Denied Site URL listing.

    Allowed IP Addresses

    Allowed IP addresses using the following recommendations:

    • Enter values in IPv4 formatting with four octets each separated by a period.
    • Enter wildcards to allowed octets. Adding an entry that includes a * in each octet allows browsing to any IP address.
    Terms of Use
    Required Terms of Use

    Select the appropriate agreement from the drop-down menu. For all internal Workspace ONE UEM apps, including the Workspace ONE Web, you can implement a single Terms of Use Agreement for end users to accept. This agreement applies to all Workspace ONE UEM internal applications, and eliminates the need for end users to accept the same agreement multiple times, across apps.

    You can configure and manage your Terms of Use Agreements by navigating to Groups and Settings > All Settings > System > Terms of Use. For more information, please see the VMware AirWatch Mobile Device Management Guide on docs. vmware. com.

    Note: Clear Cookies and History if idle is not supported in Kiosk Mode. You need to enable Return Home After Inactivity and Clear Cookies and History with Home under kiosk settings to achieve this functionality.
  4. Select the Bookmarks tab. Provide the following information to define and push a list of bookmarks to the Workspace ONE Web.
    Setting Description
    URLs for Predefined Bookmarks in Web Configure bookmarks to display as a URL address or with a friendly name.
    Name Provide text in this field to display as the friendly name. Leave this field blank to display the URL as the bookmark name.
    URL Provide the bookmark URL.
    Add Bookmark Select to add additional bookmarks.
  5. Do not configure any settings on the Notifications tab unless a Workspace ONE UEM representative provided you with configuration instructions.
  6. Select Save.

Obtain SDK and application logs from the UEM console

As an administrator, you can request SDK and Web app logs from a managed device through the UEM console. To do so, follow these steps:

  1. Log in to the UEM Console as a system administrator.
  2. Go to DEVICES > List View.
  3. Select your device and go to Apps to see a list of apps installed on it.
  4. Select Workspace ONE Web
  5. Tap Request Logs and select Upload Application logs currently available.
  6. Select OK
  7. Go to More > Attachments > Documents and download the zip folder to get the logs.
    Note: You can retrieve logs from the device only when the Web application is active and not running in the background.

Enable users to upload files from Workspace ONE Content repositories

Workspace ONE WEB lets users to upload files or documents present in the Workspace ONE Content repositories or local storage to a web application opened in Web app. This feature requires the Content app admin to set the SDK custom setting PolicyEnableFileProvider to true when configuring the Content app. For more information, see the VMware Workspace ONE Content admin guide.