Experience VMware Workspace ONE Intelligent Hub through the eyes of an employee using their personal iOS device to access their corporate resources. In this walkthrough, we will see the experience of using a personal device in an unmanaged state and managed state and the features available with adaptive management.
Before You Begin
Before you begin this walkthrough ensure you have the following:
- An iOS device (we recommend updating to the latest version of iOS)
- A valid account in the VMware TestDrive environment, sign up here if you do not yet have an account
- Activated Workspace ONE UEM (formerly VMware AirWatch) service from the My Products tab in the TestDrive Portal.
- Activated Blue Jeans and Salesforce from the Sample Integrations section in the TestDrive Portal.
Login to Workspace ONE
Ensure you're starting with an unenrolled iOS device.
First, Navigate to the app store and download the VMware Workspace ONE Intelligent Hub app.
Once the app installs, launch the app and enter your TestDrive email address.
Your TestDrive email address follows the shown format.
If you're unsure what your TestDrive email address is, you can verify this in the TestDrive portal by following the steps below:
- Login to portal.vmtestdrive.com with your username and password
- Click on the dropdown next to Workspace ONE in the Ready to Use Experiences section to view your credentials
- Here you will find your TestDrive email address
Continuing enrollment, enter your TestDrive email address and select Next.
Next, we'll select the demo we would like to perform. In this guide we are logging in as a BYOD device so select "Enterprise - BYOD Demo" from the dropdown.
Next, enter your TestDrive username and password and click "Sign In".
Next, proceed through the Privacy and Data Sharing screens and the Intelligent Hub app will load the unified Apps page.
Workspace ONE Intelligent Hub Unmanaged Features
Intelligent Hub aggregates all the apps your employees need whether its a virtual app, web app or native app. All employee marked bookmarks now show under the new Favorites section in the app. There are two other sections viz. 'New' for the latest app additions and 'Recommended' for corporate recommended applications. Users can also search for apps based on Categories as defined by the company. On top of this, Workspace ONE's identity solution is providing single sign on and access policy controls to these apps regardless of what device type, enrollment status or endpoint the user is attempting to access the app from.
Under our Favorites section you'll see the web and virtual apps the user has bookmarked for frequent use. If you don't yet have any favorites, you can scroll down to the All Apps Category to add some or search and favorite an item from the search results. If we launch into any of these apps you'll see the single sign on experience. When you click on an icon, Intelligent Hub will single sign you into these apps using SAML authentication. Note that for Horizon apps you will need to install the native horizon app before launching. If you don't install the Horizon app the desktops will open in the Safari browser.
Next, let's take a look at the Intelligent Hub unified app catalog. You'll see the user can add web, virtual, and native apps all from their unmanaged device. You'll also notice some of the native iOS applications (under Mobile Apps Category) have a 'Managed' label below the Install button icon. Native apps that do not contain a 'Managed' label can be installed on the unmanaged device (per the policy which was defined by the admin). In addition, the VMware apps (for e.g. VMware Boxer) will be automatically configured for the user using the Workspace ONE UEM SDK. To see an example of a configured app lets download VMware Boxer from the catalog.
Note: Please make sure you have enabled Office 365 for your TestDrive account before installing VMware Boxer.
Search for VMware Boxer in the app list and select install. Note this app does not have a star icon, therefore, it is permitted to be installed on unmanaged devices.
Click Install to confirm. You'll be redirected to the native app store to install the app.
Once installed, you'll see when launching VMware Boxer that the user's email is already configured. You'll just need to enter your TestDrive password and click "Get Started".
Section 3: Adaptive Management
Next, let's consider the scenario where a user wants to access an app which requires the Workspace Services profile (an app which contains a 'Managed' label). Previously, users had to download a separate app (the AirWatch agent) to activate the Workspace Services profile, however, now this entire process can be completed from the Intelligent Hub application. Navigate back to the Intelligent Hub app and choose the Mobile Apps Category. To initiate the process select any application that has the 'Managed' label. For this example, we will select Salesforce.
Next, click to install the app.
The user is informed that this app requires the Workspace Services profile. Click Next.
Next, you'll be directed to download the Workspace Services configuration profile. Click Allow in the browser to proceed.
This year, Apple has introduced a new workflow to manual profile installations. This change is a new experience for profile installations called “manual profile installation”. This change results in enrollments no longer automatically redirecting from Safari to the iOS Settings to install the MDM or configuration profile. The user must now manually navigate to system settings to install the profile. These changes are part of the iOS platform and not the Workspace ONE platform.
Hit 'Close' when you see the bottom screen.
Navigate to 'Settings' on your device -> 'General' -> 'Profiles'. Install the Workspace Services profile to your device. With this profile, additional restrictions and profiles including certificates are being installed on your device.
Once the profile is installed, navigate back to the Intelligent Hub. Click on 'Done' when enrollment is complete. Follow the steps to accept the Terms of Use and launch into the Intelligent Hub home screen.
Now you have successfully installed the Workspace Services profile and you will be able to access all apps, even ones that were previously locked. Next, you'll be brought to install the app you were attempting to install previously. See that it no longer contains a 'Managed' label. Click Install and the app will begin installing on the native springboard.
At this point your device has access to all OS level MAM features including app config, remote commands, compliance policies, and more. All apps will be available for download from the Workspace ONE catalog.
Section 4: Remove Account
The last step we will perform is to remove the corporate info from our device similar to how an organization could remove this info if the device was lost or stolen.
First, open a web browser and navigate to wsuem.vmtestdrive.com. Log in with your TestDrive username and password.
You username must adhere to this format: vmwtd.com\username
Next, ensure you're using the "Device Administrator at World Wide Enterprises" role by checking your account settings in the top right.
Next, navigate to "Devices > List View" in the left column. You can search for your username in the right side of the screen to find your device in the list. Click the name of your device to open the device details.
Now Click "More Actions > Delete Device" to both delete your device record from the console and issue an enterprise wipe or choose or "More Actions > Enterprise Wipe" to only issue an enterprise wipe to your device.
If we switch back to our device, you'll now see the corporate apps and profiles have been removed from the device. Any apps that remain on the device that the user may have logged into outside of management will be reset so the user can no longer access their corporate info (Example, Horizon).