When setting up users and devices in Workspace ONE UEM, Workspace ONE UEM uses organization groups (OG) to organize and group users and to establish permissions. When Workspace ONE UEM is integrated with Workspace ONE Access, the admin and enrollment user REST API keys can only be configured at the Workspace ONE UEM organization group of type Customer.
In Workspace ONE UEM environments configured for multi-tenancy, many organization groups are created for users and devices. Devices become registered or enrolled into an organization group. Organization groups can be set up in unique configurations in a multi-tenancy environment. For example, organization groups by separate geographies, departments, or use cases.
You can link domains configured in Workspace ONE Access to specific organization groups in Workspace ONE UEM to manage device registration through Intelligent Hub. When users log in to the Intelligent Hub app, a device registration event is triggered within Workspace ONE Access. During the device registration, a request is sent to Workspace ONE UEM to pull any applications that the user and device combination is entitled to.
The device organization groups must be identified when Workspace ONE UEM is integrated with Workspace ONE Access so that identity manager can locate the user and successfully register the device into the appropriate organization group.
When you configure the Workspace ONE UEM settings in the Workspace ONE Access service, you can enter device organization group IDs and the API keys to map multiple OG to a domain. When users sign into Intelligent Hub from their devices, the user records are verified and the device is registered to the appropriate organization group in Workspace ONE UEM.
To learn more about how to configure multiple organization groups, see Deployment Strategies for Setting Up Multiple Workspace ONE UEM Organization Groups.