Lab 5: Managing Users and Administrators

Objective and Tasks

Manage user and administrator accounts and roles:

  1. Create a Basic User
  2. Review the User Management Settings
  3. Review User Roles
  4. Add a Custom Administrator Role
  5. Add an Administrator and Assign Roles
  6. Review the Administrator User Management Settings
  7. Log In with a New Admin User and Test Role Permissions

Task 1: Create a Basic User

You create a basic user account in the Workspace ONE UEM console. The basic user account is used for enrolling devices in later lab activities.

  1. Open the Workspace ONE UEM administration console.
    1. On the ControlCenter Windows taskbar, click the Google Chrome icon.
    2. From the bookmarks bar, select  Workspace ONE UEM.

You can also enter https://techseals.awmdm.com/AirWatch in the address bar to access the console page.

  1. Log in to Workspace ONE UEM.
    • User name: studentadmin{labid}
    • Password: Pa$$w0rd

Organization Group drop-down menu.

  1. In the navigation pane on the left, select Accounts > Users > List View.
  2. From the Add drop-down menu under List View, click Add User.
  3. On the General tab, configure the user information.
Option Action
Username Enter studentuser{labid} in the text box.
Password Enter Pa$$w0rd in the text box.
Confirm Password Enter Pa$$w0rd in the text box.
Full Name Enter Student in the First Name text box and enter User in the Last Name text box.
Email Address Enter no-reply@omnissa.com in the text box.
  1. Click Save.
NOTE
Leave the Workspace ONE UEM console page open for later labs.

Task 2: Review the User Management Settings

You review the user management capabilities in the Workspace ONE UEM console.

  1. On the Users List View page, click the studentuser{labid} hyperlink under the General Info column.
  2. Click the More drop-down menu and review the available options.

Task 3: Review User Roles

You review the available user roles.

  1. In the navigation pane on the left, select Accounts > Users > Roles.
  2. Review the available roles.
    • Through their OG settings, all new or imported users can be assigned to have access to the Self-Service Portal (SSP).
    • The Full Access, Basic Access, and External Access roles cannot be changed because they are managed at the root OG (global level).
    • If these roles do not match your deployment requirements, you can create a custom role by clicking Add Role and configuring the required values.

Task 4: Add a Custom Administrator Role

You add a custom administrator role to your Workspace ONE UEM tenant.

  1. On the Workspace ONE UEM console menu bar, verify that Student{labid} OG is selected from the Organization Group drop-down menu.
  2. In the navigation pane on the left, select Accounts > Administrators > Roles.
  3. Click ADD ROLE.
  4. Enter Custom Device Manager {labid} in the Name text box.
  5. Enter Custom Device Manager Role for Help Desk in the Description text box.
  6. Configure the Device Management settings.
    1. In the left pane under Categories, select Device Management.
    2. The Read and Edit permissions appear in the right pane under Device Management.
  7. Under Device Management, select the Edit check box to enable Edit permission for all categories.
  8. Click Save.

The custom Device Manager role is now listed in your OG

Task 5: Add an Administrator and Assign Roles

You add an administrator account and assign the custom administrator role to it.

  1. In the navigation pane on the left, select Accounts > Administrators > List View.
  2. From the Add drop-down menu, select Add Admin.
  3. Next to User Type, click Basic to configure a basic administrator role and configure all required items (indicated in the UI by a red asterisk).
Option Action
Username Enter deviceadmin{labid} in the text box.
Password Enter Pa$$w0rd in the text box.
Confirm Password Enter Pa$$w0rd in the text box.
First Name Enter Device in the text box.
Last Name Enter Admin in the text box.
Email Address Enter [email protected] in the text box.
Time Zone Leave the default setting.
Locale Leave the default setting.
Initial Landing Page Leave the default setting.
IMPORTANT
Each user name must be unique in this environment. The password must be alphanumeric and contain a minimum of six characters.
You can choose to require a password change when the new Workspace ONE UEM administrator logs in.
  1. In the Roles tab.
  2. Assign the new Custom Device Manager role that you created.
    1. Click in the Select Organization Group search box; type and select Student{labid}.
    2. Click in the Select Role search box, select Custom Device Manager.
    3. Click NEXT and click NEXT again.
    4. Click Save.
NOTE
If saving the role fails, ensure that no other role is selected. You must also ensure that the password is at least six characters long and composed of letters and numbers.
NOTE
The new administrator account is created with the Custom Device Manager role at your top-level OG. Applying customized administrative role assignments prevents administrators from interacting with the wrong environment or settings.

You are redirected back to the Administrator List View page.

Task 6: Review the Administrator User Management Settings

You review the administrator account management capabilities in the Workspace ONE UEM console.

  1. On the Workspace ONE UEM console menu bar, verify that Student{labid} is selected from the Organization Group drop-down menu.
  2. In the navigation pane on the left, select Accounts > Administrators > List View.
  3. Click the vertical ellipsis button next to the administrator account user name.
  4. Review the controls used to implement key management features for ongoing maintenance and the upkeep of your administrator accounts.
    • Edit (pencil icon): Used to change administrator information to keep current contact information or privileges
    • Deactivate: Used to change the status of an administrator account from active to inactive

With this control, you can temporarily suspend management features and privileges while maintaining the administrator account to use later.

  • Activate: Used to change the status of an administrator account from inactive to active
  • More Actions:
    • Reset Password: Used to reset a compromised or forgotten password by an administrative user

This setting only applies to a Basic administrator account. A Directory administrator account password can only be reset in the identity source.

  • Delete: Used to remove an account and revoke all console privileges
  • Login History: Displays a record of when administrators log in and out of the Workspace ONE UEM console.

Task 7: Log In with a New Admin User and Test Role Permissions

You log in to the Workspace ONE UEM console with the newly created administrator account.

  1. Open a new incognito window in Google Chrome.
  2. Log in to the Workspace ONE UEM console with the new administrator account.
    • User name: deviceadmin{labid}
    • Password: Pa$$w0rd
  3. If prompted, read the Terms of Use and click Accept.
  4. Configure a Password Recovery question.
  5. From the Password Recovery Question drop-down menu, select a security question.
  6. Enter your answer in the Password Recovery Answer and Confirm Password Recovery Answer text boxes.
  7. Enter a 1234 in the Security PIN and Confirm Security PIN text boxes. Record this value for future use.
  8. Click Save.
  9. Review the controls in the navigation pane.
NOTE
The controls are based on the roles that you assigned to this Workspace ONE UEM administrator account. You only have limited access to the navigation items because the new administrator account was only granted the Custom Device Manager admin privilege.
  1. Close the incognito window.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.