Check Out with Workspace ONE

Like GroundControl, VMware Workspace ONE (formerly “AirWatch”) includes features for shared device checkout. This article explains how to link GroundControl with Workspace ONE, so that the checkout features are synchronized between the two systems.

Once linked, a checkout in GroundControl — via a proximity badge tap, for example — assigns the device to the user in your MDM. This will trigger any user-assigned apps or policies for the device.

For example, imagine Alice checks out a device. Here are some things that may then happen:

  • The MDM lists the device with “Alice” as the device user.
  • The MDM can send an email configuration personalized for Alice.
  • The MDM can use SCEP to create an identity certificate for Alice, and send that to the device.
  • SSO-aware apps on the device, such as Voalte One or Box, can use Alice’s identity certificate to automatically sign in, without prompting for a username or password.

Enroll to a Multi-User Staging User

The device must be initially enrolled into Workspace ONE UEM with the Staging Mode option set to Multi-user device. This enables GroundControl to manage the Workspace ONE checkout/in features.

This may be set in your DEP profile.

Assign the User during Check Out

This option is not available for Android devices in GroundControl 6.0 or later.

Add the action “Perform MDM Command” to your “Check Out” Workflow. Set this to assign the staged device to user “[Device User]”, the attribute that contains the username of the person checking out the device.

Reset the User during Check In

Add the action “Perform MDM Command” to your “Check In” Workflow. Set this to assign the staged device to the staging user’s user ID.

NOTE: This is not required when you erase devices on check in.

At this point, test a check out. If it is working properly, you will be able to look at the device listing in Workspace ONE and see the user’s name as the device owner. After the device is checked in, the device owner should revert to the staging user.
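
The same test can be run across a whole fleet by comparing checkout state with the user the MDM lists for each device. The script below is an added example, not code from GroundControl or Workspace ONE; the record layout, the staging username and the sample data are all constructed assumptions to be replaced with your own exports.

```python
# Added example: reconcile checkout state against the MDM's assigned user.
# Field layout and the staging username are hypothetical; adapt them to the
# export or API response available in your environment.

STAGING_USER = "staging"  # assumption: username of the multi-user staging account


def audit_assignments(checkouts, mdm_devices, staging_user=STAGING_USER):
    """Return (serial, problem) pairs for devices whose MDM user looks wrong.

    checkouts:   {serial: username or None}   None means the device is checked in
    mdm_devices: {serial: username}           user currently assigned in the MDM
    """
    staging = staging_user.lower()
    findings = []
    for serial, holder in sorted(checkouts.items()):
        assigned = mdm_devices.get(serial)
        if assigned is None:
            findings.append((serial, "not found in MDM listing"))
        elif holder is None and assigned.lower() != staging:
            # Checked in, yet user-assigned apps, policies and the identity
            # certificate of the previous user may still be on the device.
            findings.append((serial, f"checked in but still assigned to {assigned}"))
        elif holder is not None and assigned.lower() == staging:
            findings.append((serial, f"checked out by {holder} but still on staging user"))
        elif holder is not None and assigned.lower() != holder.lower():
            findings.append((serial, f"checked out by {holder} but assigned to {assigned}"))
    # Devices the MDM ties to a real user although no checkout record exists.
    for serial, assigned in sorted(mdm_devices.items()):
        if serial not in checkouts and assigned.lower() != staging:
            findings.append((serial, f"no checkout record but assigned to {assigned}"))
    return findings


# Constructed sample data (not real devices or users).
SAMPLE_CHECKOUTS = {"SN001": "alice", "SN002": None, "SN003": None, "SN004": "bob"}
SAMPLE_MDM = {"SN001": "Alice", "SN002": "staging", "SN003": "carol",
              "SN004": "staging", "SN005": "dave"}

if __name__ == "__main__":
    for serial, problem in audit_assignments(SAMPLE_CHECKOUTS, SAMPLE_MDM):
        print(f"{serial}: {problem}")
```

A finding of “checked in but still assigned” is the one to act on first, since the next person to pick up that device would inherit the previous user’s assignment.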

Configure Workspace ONE Access

Configure your MDM to fetch and deploy identity certificates, and configure your identity management software to accept those certificates for authentication. Those steps are beyond the scope of this documentation. For more information, see your VMware documentation.