Configure direct enrollment with Workspace ONE in the Workspace ONE UEM console. Navigate to Groups & Settings > All Settings > Device & Users/General/Enrollment. The Workspace ONE Device Enrollment Options Table lists the menu items that can be configured.

The Enrollment settings page lets you configure options related to device and user enrollment. The page is divided into tabs which are described below. For detailed information about configuring device enrollment, see the VMware Workspace ONE UEM Mobile Device Management guide.

Figure 1. Workspace ONE UEM Console Enrollment Page
Table 1. Workspace ONE Direct Enrollment Configurable Menu Items

Enrollment Tab

Configurable Menu Items for Direct Enrollment to Workspace ONE

Authentication

Directory users are supported.

In addition, SAML plus Active Directory Users are supported "on-the-fly". SAML without LDAP users are supported when the user record exists in Workspace ONE UEM at the time of the initial login.

For Devices Enrollment Mod, only Open Enrollment is supported. Registered Devices Only is not supported.

Terms of Use

Terms of use can be created to require users accept the terms of use before proceeding with the direct enrollment process.

Grouping

All grouping menu options are compatible with Workspace ONE direct enrollment.

Sync Users Groups in Real Time for Workspace ONE is enabled by default. When a device is enrolling, Workspace ONE UEM makes a real time call to Active Directory to sync the user's user groups. If the user does not exist in Workspace ONE UEM, the Workspace ONE UEM console first syncs the user and then syncs the user groups in real time. If this feature is not enabled, the Workspace ONE UEM console does not sync the user groups.

Note:

This feature is CPU-intensive. If user groups are not frequently changing or the user groups already exist in Workspace ONE UEM, disable this setting for improved performance and to prevent latency issues when launching the Workspace ONE app.

See Placing Devices in the Correct Organization Group section in Deployment Strategies for Setting Up Multiple Workspace ONE UEM Organization Groups.

Restrictions

  • In User Access Control, you can select both Restrict Enrollment to Known Users and Restrict Enrollment to Configured Groups.

  • Maximum device limit is supported.

  • Policy Setting is partially supported.

    • Allowed Ownership Types. Workspace ONE only prompts for Employee Owned and Corporate - Dedicated.

      Note:

      Container Allow enrollment type is not supported.

Optional Prompt

The two optional prompts that can be enabled are Prompt for Ownership Type and Enable Device Asset Number Prompt. The request to enter the asset number is only prompted for when the ownership type is Corporate Owned.

Customization

Customization menu options supported.

  • Post-Enrollment Landing URL (iOS only)

  • MDM Profile Message (iOS only)

  • Use Custom MDM Applications

Use specific Message Template for each Platform can be enabled, but specific Workspace ONE message templates are not available for Workspace ONE 3.2.