Your organization employs frontline workers who are hourly shift workers. When these workers are working on their shift, you want the shift workers to use the Workspace ONE Intelligent Hub app on their devices to access their digital workspace to use tools to help simplify their daily tasks, access training materials, manage their shift schedule and benefits, and receive company notifications. You set up a shift-based access control system to selectively restrict access to work content, services, and apps when frontline workers are not on the shift.

Note: The Shift-based access control is available now as a Tech Preview. You can install the tech preview in your test environment to participate in the Shift-based Access Control tech preview. This feature is not fully supported and cannot be used in a production environment.

VMware Workspace ONE products that support shift-based access to your digital workspace

VMware Workspace ONE Products used for Shift-Based Access

Role in the Shift-Based Access Configuration

Workspace ONE Experience Workflows

In the Hub Services console Workspace ONE Experience Workflows page, you configure the Kronos - Worker Status integration pack to retrieve the current working status of your workers.

The Workspace ONE Experience Workflows service connects to your Kronos punch Clocking In and Out service to dynamically retrieve current working status so that you can configure policies based on their status.

Workspace ONE Hub Services

In the Hub Services console, you configure templates to restrict access to specific features in the Workspace ONE Intelligent Hub app. You can restrict access to the Custom tab, People tab, For You tab to pause notifications, and Employee Self-Service tab.

Workspace ONE UEM

In the Workspace ONE UEM console, you configure the time awareness feature, Block Access to App When User is Off Shift, in the Components Profile page to restrict access to the Workspace ONE Intelligent Hub app and then deploy that profile to the Workspace ONE Intelligent Hub app and other apps.

Workspace ONE Access

In the Workspace ONE Access console, you configure shift-based access as an authorization method to manage when workers can access specific federated web applications that are configured in the Workspace ONE Access catalog. The authorization is applied after workers are authenticated based on access policy rules.

Figure 1. Workspace ONE Components Interacting with Time Keeping Systems to Support Shift-Based Access Control
How Workspace ONE components interact with time keeping systems to support shift-based access control

How to set up shift-based access control?

Shift-based access control with Workspace ONE enables your company to deliver a digital workspace that is shift aware. Shift-based access control restricts the use of different product apps and features when a worker is not clocked-in for their shift.

Workspace ONE Experience Workflows is the central component for shift-based access control that connects to a third-party time keeping system that manages the worker scheduling data. In this case, you integrate VMware Workspace ONE Experience Workflows™ in Hub Services with your Kronos third-party time keeping system to retrieve the data about the current working status of your workers.

In Kronos, you configure the Punch Clocking In and Out service to retrieve the current working status of your workers and sync the work status to the Boomi service in Workspace ONE Experience Workflows. The data retrieved from Kronos enables you to manage and restrict access to your company’s apps when workers are not working

To manage access to Workspace ONE Intelligent Hub app and Hub portal features, in the Hub Services console you configure Hub Services templates to restrict access to the For You tab, People Search tab, Employee Self-service tab, and Custom tab when workers are not working and assign the templates to user groups.

In the Workspace ONE UEM console, you configure the Time Awareness component profile and assign the profile to the Workspace ONE Intelligent Hub app if you do not want your workers to access the Workspace ONE Intelligent Hub app from their iOS and Android mobile devices when they are not working.

In the Workspace ONE Access console, you configure a shift-based access authorization method and create application-specific access policies to manage when workers can access web and desktop apps from your company’s application catalog.

You configure Workspace ONE Access to be the source of authentication when users access their resources from the Workspace ONE Intelligent Hub app or Hub portal.