This section explains the payloads applicable to Workspace ONE Web and the instructions for configuring Web.
- Navigate to Add Profile . and select
- Select a platform for the profile that you want to deploy.
- Configure General Settings to determine how the profile deploys, who receives it, and other settings.
- Select and configure a Payload.
Payload Description iOS Android Windows 8 Restrictions Block the native browsers on devices using a restrictions payload to keep end users from using the native web instead of the Workspace ONE Web. ✓ ✓ ✓ Exchange ActiveSync This payload allows users to access corporate push-based email infrastructures and allows them to set the sync frequency for calendar and email systems. ✓ ✓ ✓ Credentials Configure this payload with digital certificates to protect your corporate email, Wi-Fi, VPN, and other corporate assets. ✓ ✓ ✓ SCEP With Credentials payload, you can also configure SCEP to handle digital certificates pushed to large-scale devices. ✓
For step-by-step instructions on configuring a specific Payload for a particular platform, see the applicable Platform Guide, available on VMware Workspace ONE UEM Console Documentation.
- Select Save & Publish.
Configure Workspace ONE Web Settings
- Navigate to Groups and Settings > All Settings > Apps > Workspace ONE Web.
- Select whether to Inherit or Override the displayed settings.
- Inherit– Use the settings of the current organization group's parent OG.
- Override– Edit and modify the current OG's settings directly.
- Configure the relevant settings on the Web Settings tab.
Setting Description Settings and Policies Application Profile
Select an application profile to apply SDK functionality to your app.
- Default – Allow applications to use the default security policies and settings defined under Apps and Books > Settings > Settings and Policies.
- Custom – Override default settings and apply custom profiles. Custom profiles use the security policies and settings defined under Apps and Books > Settings > Settings and Policies > Profiles.
iOS SDK Profile Select the appropriate profile from the drop-down menu that appears when you enable a Custom Application Profile to override default SDK settings. Android SDK Profile Select the appropriate profile from the drop-down menu that appears when you enable a Custom Application Profile to override default SDK settings. Use Legacy Settings and Policies Enable to configure settings and policies for legacy web only. Disable Copy (Legacy web only) Enable this option to prevent copying from device. Configure this option under Data Loss Prevention in Settings > Apps > Settings and Policies. Disable Printing (Legacy web only) Enable this option to prevent printing from device. Configure this option under Data Loss Prevention in Settings> Apps > Settings and Policies. Force Downloads To Open in Content Locker (Legacy web only) Enable this option to open the force downloaded documents in Content Locker. Configure this option under Data Loss Prevention in Settings > Apps > Settings and Policies. Enable AW Tunnel Proxy (Legacy web only) Enable AW App Tunnel Proxy to access internal network. Configure this option under Data Loss Prevention in Settings > Apps > Settings and Policies. iOS SDK Profile (Legacy) Select the appropriate iOS SDK profile from the drop-down menu for the legacy web. General Accept Cookies Enable to accept cookies from websites viewed in the Workspace ONE Web. Clear Cookies Upon Exit Enable to clear cookies when the app fully closes. Clear Cookies and History if Idle Enable to clear cookies and history if the web is idle for x minutes. Clear Cookies and History if Idle for (mins) Set the idle time in minutes to a value between 0. 5 and 60 to ensure cookies and history are clear. Remember History Enable to keep track of the sites visited by the user. Remember History From Select the length of time you want the app to remember history to from the drop-down menu. Caching Enable to enhance web performance and reduce perceived lag time. Disable to protect browsing data on compromised devices. Allow Connection to Untrusted Sites
Disable if navigating to untrusted sites is a security concern for your organization.
Enable to give end users maximum navigation flexibility and ease of use.
Sync User Bookmarks Enable this to sync bookmarks across various devices of the same user. Default View Mode Set the default view mode for Workspace ONE Web. Select Desktop to set desktop as the default view mode. When selected, the Workspace ONE Web renders the web pages in desktop mode if the websites supports the mode. Mode Kiosk Mode Enable for Workspace ONE Web to function in Kiosk Mode. Kiosk Mode removes the navigation bar and limits browsing to the homepage and its available links. Return Home After Inactivity Direct the Workspace ONE Web back to the home page after a period of Inactivity (min). The values can be greater than or equal to 0. 5 minutes. Clear Cookies and History with Home Prevent users from accessing the previous user's secure information after they finish using the Workspace ONE Web. Enable Multiple Tabs Support You can have multiple tabs opened within kiosk mode. This feature is supported only on iOS and Android devices. Home Page URL Define the URL displayed when the web starts. Leave this field blank to display a 'Recently Visited' page by default. Selection Mode
Allow to limit browsing to domains white listed in the Allowed Site URLs field.
Deny to allow browsing to all sites except those blacklisted in the Denied Site URLs field.
Allowed/Denied Site URLs
Utilize the following recommendations to whitelist allowed domains and blacklist denied domains.
- Define domain names without including full URLs. The Workspace ONE Web filters by domain only, not by folder or page level.
- Separate domains with a space, comma, or a new line.
- Define wildcards as part of the domains; listing items from most general to specific. Example: *google. com is more general than http://yahoo. com.
Entering *. google. com whitelists <text>. google. com, but it does not allow access to http://google. com.
- Leave out the scheme (http:// or https://) to test the domain for both schemes. Include the scheme to limit testing to the specified scheme.
- You can enter Port value separately. Restricted URL can contain the complete path, for example, http:// google. com:9191.
Allow IP Browsing
Select to whitelist IP addresses for browsing.
A user can navigate to a whitelisted IP address even if the actual domain for the IP address was included in the Denied Site URL listing.
Allowed IP Addresses
Whitelist IP addresses using the following recommendations:
- Enter values in IPv4 formatting with four octets each separated by a period.
- Enter wildcards to whitelist octets. Adding an entry that includes a * in each octet allows browsing to any IP address.
- Select the Bookmarks tab. Provide the following information to define and push a list of bookmarks to the Workspace ONE Web.
Setting Description URLs for Predefined Bookmarks in Web Configure bookmarks to display as a URL address or with a friendly name. Name Provide text in this field to display as the friendly name. Leave this field blank to display the URL as the bookmark name. URL Provide the bookmark URL. Add Bookmark Select to add additional bookmarks.
- Do not configure any settings on the Notifications tab unless a Workspace ONE UEM representative provided you with configuration instructions.
- Select Save.