Workspace ONE UEM supports shared devices scenarios for Android, macOS, and iOS platforms. Examples of scenarios that use a shared pool of devices include shared mobile nursing devices for healthcare and shared mobile point of sale devices for retail. For information on how to configure Workspace ONE UEM, find use cases that outline how to set user accounts, how to set up device enrollment, and how to configure and deploy profiles to facilitate your shared devices deployment.
There are basic capabilities surrounding the functionality and security of devices that are shared across multiple users. These capabilities offer compelling reasons to consider shared devices as a cost-effective solution to making the most of enterprise mobility.
Platforms That Support Shared Devices
The following devices support shared device/multi-user device functionality.
You can configure Workspace ONE UEM to provide your shift workers, and other roles that share devices, access to corporate resources. Configure and use different apps, policies, and branding based on a user's role. To ensure user privacy, certain apps can have their app data cleared between user sessions. You can use the launcher native to Android or you can use the Workspace ONE UEM Launcher.
Workspace ONE UEM offers different solutions to enable iOS devices for shared purposes. You can configure Workspace ONE UEM to provide your shift workers access to corporate resources. This use case outlines how to configure and assign different apps and policies to shift workers based on their roles.
Shared Device capabilities are available natively on Apple iPads integrated with Apple Business Manager. This functionality called Shared iPads for Business leverages the user's Managed Apple ID for login and does not take place in the Workspace ONE Intelligent Hub for login and logout. For more information, see Shared iPads for Business
The log in and log out functions are self-contained within the Workspace ONE Intelligent Hub. Self-containment ensures that the enrollment status is never affected, and that the device is managed whether it is in use or not.
You can log in to and out of an iOS device that is shared across multiple users.
Run the Workspace ONE Intelligent Hub on the device.
Enter the end-user credentials.
If the device is already logged in to Workspace ONE Intelligent Hub, then the user is prompted to enter an SSO Passcode. If the device is not logged in, then the user is prompted to enter a user name and password. The profiles assigned to each user are pushed down based on the smart group and user group association.
Note: If Prompt User for Organization Group is enabled, then end users are required to enter a Group ID to log in to a device.
Note: If prompted for a passcode, users can create one in the Self-Service Portal. These passcodes are subject to an expiration period. As the expiration period nears, the Workspace ONE Intelligent Hub prompts users to change the passcode on the device. If users do not a change their passcode before it expires, users must return to the Self-Service Portal to create another passcode.
Multiple users can log in to and out of a macOS shared device, activating the automatic push of device profiles.
Log In to a macOS Device – Using assigned Network credentials, log in to a macOS device that has been staged and you receive the profiles assigned to your account in Workspace ONE UEM.
Log out of a macOS Device – The standard macOS log-out procedure also logs the device out of your assigned Workspace ONE UEM user profile.
While strictly optional, making an organization group (OG) specific to shared devices offers many benefits due to multi-tenancy and inherited device settings.
If you have a large number of shared devices in your fleet and you want to manage them apart from single user devices, you can make a shared device-specific OG. Making a shared device hierarchy in your OG structure is optional. Features like smart groups and user groups mean you do not have to rely strictly on OG hierarchy design to simplify device management.
However, having a shared device OG (or nested OGs) simplifies device management by enabling you to standardize device functionality through profiles, policies, and device inheritance without the processing overhead required by a smart group or a user group.
|Name||Enter a name for the child organization group (OG) to be displayed. Use alphanumeric characters only. Do not use odd characters.|
|Group ID||Enter an identifier for the OG for the end users to use during the device login. Group IDs are used during the enrollment of group Devices to the appropriate OG.
Ensure that users sharing devices receive the Group ID as it might be required for the device to log in depending on your Shared Device configuration.
If you are not in an on-premises environment, the Group ID identifies your organization group across the entire shared SaaS environment. For this reason, all Group IDs must be uniquely named.
|Type||Select the preconfigured OG type that reflects the category for the child OG.|
|Country||Select the country where the OG is based.|
|Locale||Select the language classification for the selected country.|
|Customer Industry||This setting is only available when Type is Customer. Select from the list of Customer Industries.|
|Time Zone||Select the time zone for the OG's location.|