Configure direct enrollment with Workspace ONE in the AirWatch admin console. Navigate to Groups & Settings > All Settings > Device & Users/General/Enrollment. The Workspace ONE Device Enrollment Options Table lists the menu items that can be configured.

The Enrollment settings page lets you configure options related to device and user enrollment. The page is divided into tabs which are described below. For detailed information about configuring device enrollment, see the VMware AirWatch Mobile Device Management guide.

Figure 1. AirWatch Console Enrollment Page
Table 1. Workspace ONE Direct Enrollment Configurable Menu Items

Enrollment Tab

Configurable Menu Items for Direct Enrollment to Workspace ONE

Authentication

Directory users are supported.

In addition, SAML plus Active Directory Users are supported "on-the-fly". SAML without LDAP users are supported when the user record exists in AirWatch at the time of the initial login.

For Devices Enrollment Mod, only Open Enrollment is supported. Registered Devices Only is not supported.

Terms of Use

Terms of use can be created to require users accept the terms of use before proceeding with the direct enrollment process.

Grouping

All grouping menu options are compatible with Workspace ONE direct enrollment.

Sync Users Groups in Real Time for Workspace ONE is enabled by default. When a device is enrolling, AirWatch makes a real time call to Active Directory to sync the user's user groups. If the user does not exist in AirWatch, the AirWatch console first syncs the user and then syncs the user groups in real time. If this feature is not enabled, the AirWatch console does not sync the user groups.

Note:

This feature is CPU-intensive. If user groups are not frequently changing or the user groups already exist in AirWatch, disable this setting for improved performance and to prevent latency issues when launching the Workspace ONE app.

See Placing Devices in the Correct Organization Group section in Estrategias de implementación para configurar varios grupos de organización de AirWatch.

Restrictions

  • In User Access Control, you can select both Restrict Enrollment to Known Users and Restrict Enrollment to Configured Groups.

  • Maximum device limit is supported.

  • Policy Setting is partially supported.

    • Allowed Ownership Types. Workspace ONE only prompts for Employee Owned and Corporate - Dedicated.

      Note:

      Container Allow enrollment type is not supported.

Optional Prompt

The two optional prompts that can be enabled are Prompt for Ownership Type and Enable Device Asset Number Prompt. The request to enter the asset number is only prompted for when the ownership type is Corporate Owned.

Customization

Customization menu options supported.

  • Post-Enrollment Landing URL (iOS only)

  • MDM Profile Message (iOS only)

  • Use Custom MDM Applications

Use specific Message Template for each Platform can be enabled, but specific Workspace ONE message templates are not available for Workspace ONE 3.2.