Shared Device/Multi-User Device functionality in Workspace ONE UEM ensures that security and authentication are in place for every unique end user. Shared devices can also allow only specific end users to access sensitive information.
Issuing a device to every employee in certain organizations can be expensive. Workspace ONE UEM lets you share a mobile device among end users in two ways: using a single fixed configuration for all end users, or using a unique configuration setting for individual end users.
When administering shared devices, you must provision the devices with applicable settings and restrictions before deploying them to end users. Once deployed, Workspace ONE UEM uses a simple login and log-out process for shared devices in which end users enter their directory services or dedicated credentials to log in. The end-user role determines their level of access to corporate resources such as content, features, and applications. This role ensures the automatic configuration of features and resources that are available after the user logs in.
The login or log-out functions are self-contained within the Workspace ONE Intelligent Hub. Self-containment ensures that the enrollment status is never affected, and that the device is managed whether it is in use or not.
Shared Device capabilities are also available natively on Apple iPads integrated with Apple Business Manager. This functionality, called Shared iPads for Business, uses the user's Managed Apple ID for login; login and logout do not take place in the Workspace ONE Intelligent Hub. For more information about configuring Shared iPads for Business with Apple Business Manager and the steps to achieve this functionality, see Shared iPads for Business in the Introduction to Apple Business Manager Guide, available on docs.vmware.com.
Shared Devices Capabilities
There are basic capabilities surrounding the functionality and security of devices that are shared across multiple users. These capabilities offer compelling reasons to consider shared devices as a cost-effective solution to making the most of enterprise mobility.
Platforms That Support Shared Devices
The following devices support shared device/multi-user device functionality.
While strictly optional, making an organization group (OG) specific to shared devices offers many benefits due to multi-tenancy and inherited device settings.
If you have a large number of shared devices in your fleet and you want to manage them apart from single user devices, you can make a shared device-specific OG. Making a shared device hierarchy in your OG structure is optional. Features like smart groups and user groups mean you do not have to rely strictly on OG hierarchy design to simplify device management.
However, having a shared device OG (or nested OGs) simplifies device management by enabling you to standardize device functionality through profiles, policies, and device inheritance without the processing overhead required by a smart group or a user group.
1. Navigate to Groups & Settings > Groups > Organization Groups > Organization Group Details. Here, you can see an OG representing your company.
2. Ensure the Organization Group Details displayed are accurate, and then use the available settings to make modifications, if necessary. If you make changes, select Save.
3. Select Add Child Organization Group.
4. Enter the following information for the first OG underneath the top-level OG.
Enter a name for the child organization group (OG) to be displayed. Use alphanumeric characters only. Do not use odd characters.
Enter an identifier for the OG for the end users to use during the device login. Group IDs are used during the enrollment of group devices to the appropriate OG. Ensure that users sharing devices receive the Group ID, as it might be required for the device to log in, depending on your Shared Device configuration. If you are not in an on-premises environment, the Group ID identifies your organization group across the entire shared SaaS environment. For this reason, all Group IDs must be uniquely named.
Select the preconfigured OG type that reflects the category for the child OG.
Select the country where the OG is based.
Select the language classification for the selected country.
This setting is only available when Type is Customer. Select from the list of Customer Industries.
Select the time zone for the OG's location.
Multiple users can log in to and out of a macOS shared device, activating the automatic push of device profiles.
Log In to a macOS Device - Using your assigned network credentials, log in to a macOS device that has been staged. You then receive the profiles assigned to your account in Workspace ONE UEM.
Log Out of a macOS Device - The standard macOS log-out procedure also logs the device out of your assigned Workspace ONE UEM user profile.