Lab 3: User and group management
Objective and Tasks
- Create a Basic User
- Review the User Management Settings
- Review User Roles
- Add a Custom Administrator Role
- Add an Administrator and Assign Roles
- Review the Administrator User Management Settings
- Log In with a New Admin User and Test Role Permissions
- Create an assignment group
- Create an Organization Group
Task 1: Create a Basic User
You create a basic user account in the Workspace ONE UEM console. The basic user account is used for enrolling devices in later lab activities.
- Open the Workspace ONE UEM administration console.
- On the ControlCenter Windows taskbar, click the Google Chrome icon.
- From the bookmarks bar, select Workspace ONE UEM.
You can also enter https://omnissatraining.awmdm.com/Airwatch in the address bar to access the console page.
- Log in to Workspace ONE UEM.
- User name:
studentadmin{labid} - Password:
Pa$$w0rd
- User name:
In the navigation pane at the top, select Accounts, and then click Users.
- From the Add drop-down menu, click Add User.
- On the General tab, configure the user information.
| Option | Action |
| Username | Enter newuser{labid} in the text box. |
| Password | Enter Pa$$w0rd in the text box. |
| Confirm Password | Enter Pa$$w0rd in the text box. |
| Full Name | Enter New in the First Name text box and enter User in the Last Name text box. |
| Email Address | Enter [email protected] in the text box. |
- Click Save.
Leave the Workspace ONE UEM console page open for later labs.
Task 2: Review the User Management Settings
You review the user management capabilities in the Workspace ONE UEM console.
- On the Users page, click the studentuser{labid} hyperlink under the General Info column.
- Click the More Actions drop-down menu and review the available options.
Task 3: Review User Roles
You review the available user roles.
In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Accounts. Under Users click User Roles.
- Review the available roles.
- Through their OG settings, all new or imported users can be assigned to have access to the Self-Service Portal (SSP).
- The Full Access, Basic Access, and External Access roles cannot be changed because they are managed at the root OG (global level).
- If these roles do not match your deployment requirements, you can create a custom role by clicking Add Role and configuring the required values.
Task 4: Add a Custom Administrator Role
You add a custom administrator role to your Workspace ONE UEM tenant.
- In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Accounts. Expand Administrators and click Admin Roles.
- Click Add Role.
- Enter
Custom Device Manager {labid}in the Name text box. - Enter
Custom Device Manager Role for Help Deskin the Description text box. - Configure the Device Management settings.
- In the left pane under Categories, select Device Management.
- The Read and Edit permissions appear in the right pane under Device Management.
- Under Device Management, select the Edit check box to enable "Edit" permission for all categories.
- Click Save.
- The custom Device Manager role is now listed in your OG.
Task 5: Add an Administrator and Assign Roles
You add an administrator account and assign the custom administrator role to it.
- n the navigation pane at the top, select Accounts. Expand Administrators and click Admins.
- From the Add drop-down menu, select Add Admin.
- Click Basic and click Next to configure a basic administrator and configure the following items.
| Option | Action |
| Username | Enter deviceadmin{labid} in the text box. |
| Password | Enter Pa$$w0rd in the text box. |
| Confirm Password | Enter Pa$$w0rd in the text box. |
| First Name | Enter Device in the text box. |
| Last Name | Enter Admin in the text box. |
| Email Address | Enter [email protected] in the text box. |
| Time Zone | Leave the default setting. |
| Locale | Leave the default setting. |
| Initial Landing Page | Leave the default setting. |
Each user name must be unique in this environment. The password must be alphanumeric and contain a minimum of six characters.
- Click Next to go to the Roles tab.
- Assign the new Custom Device Manager role that you created.
- Click in the Select Organization Group search box; type
student, and select Student{labid}. - Click in the Select Role search box, type
custom, and select Custom Device Manager{labid}. - Click Next and click Next again.
- Click Save.
- If a Warning window comes up, click Continue.
- Click in the Select Organization Group search box; type
If saving the role fails, ensure that no other role is selected. You must also ensure that the password is at least six characters long and composed of letters and numbers.
The new administrator account is created with the Custom Device Manager role at your top-level OG. Applying customized administrative role assignments prevents administrators from interacting with the wrong environment or settings.
You are redirected back to the Administrator List View page.
Task 6: Review the Administrator User Management Settings
You review the administrator account management capabilities in the Workspace ONE UEM console.
- In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
- In the navigation pane at the top, select Accounts. Expand Administrators and click Admins.
- Click the vertical ellipsis button next to the administrator account user name.
- Review the controls used to implement key management features for ongoing maintenance and the upkeep of your administrator accounts.
- Edit (pencil icon): Used to change administrator information to keep current contact information or privileges
- Deactivate: Used to change the status of an administrator account from active to inactive. With this control, you can temporarily suspend management features and privileges while maintaining the administrator account to use later.
- Activate: Used to change the status of an administrator account from inactive to active.
- Reset Password: Used to reset a compromised or forgotten password by an administrative user. This setting only applies to a Basic administrator account
- Login History: Displays a record of when administrators log in and out of the Workspace ONE UEM console.
- Delete: Used to remove an account and revoke all console privileges.
Task 7: Log In with a new admin user and test role permissions
You log in to the Workspace ONE UEM console with the newly created administrator account.
- Open a new incognito window in Google Chrome.
- Enter
https://omnissatraining.awmdm.com/AirWatchin the address bar to access the console page. - Log in to the Workspace ONE UEM console with the new administrator account.
- User name:
deviceadmin{labid} - Password:
Pa$$w0rd
- User name:
- If prompted, read the Terms of Use and click Accept.
- Configure a Password Recovery question.
- From the Password Recovery Question drop-down menu, select a security question.
- Enter your answer in the Password Recovery Answer and Confirm Password Recovery Answer text boxes.
- Enter a
1234in the Security PIN and Confirm Security PIN text boxes. Record this value for future use. - Click Save.
- Review the controls in the navigation pane.
The controls are based on the roles that you assigned to this Workspace ONE UEM administrator account. You only have limited access to the navigation items because the new administrator account was only granted the Custom Device Manager admin privilege.
- Close the incognito window.
Task 8: Create an assignment group
You add assignment groups in your Workspace ONE UEM student tenant.
In the upper-right corner of the console, click the drop-down menu with your administrator name and verify that Student{labid} organization group is selected from the Organization Group drop-down menu.
In the navigation pane at the top, select Groups & Settings. Under Groups, select Assignment Groups.
Click Add Smart Group.
Enter
Windows Desktop Devicesin the Name text box.Leave Criteria selected next to Choose Type.
Expand Platform and Operating System in the navigation pane.
In the top-left drop-down menu, select Windows. Leave the default selections for the other drop-down menus.
Expand Model Type in the navigation pane.
Click Selected, and ensure that Windows - Desktop is the only option selected .
Click Save.
Click Add Smart Group.
Enter
Windows Server Devicesin the Name text box.Leave Criteria selected next to Choose Type.
Expand Platform and Operating System in the navigation pane.
In the top-left drop-down menu, select Windows. Leave the default selections for the other drop-down menus.
Expand Model Type in the navigation pane.
Click Selected, and ensure that Windows - Server is the only option selected .
Click Save.
Click Add Smart Group.
Enter
Linux Devicesin the Name text box.Expand Platform and Operating System in the navigation pane.
In the top-left drop-down menu, select Linux. Leave the default selections for the other drop-down menus.
Click Save.
Click Add Smart Group.
Enter
Android Devicesin the Name text box.Expand Platform and Operating System in the navigation pane.
In the top-left drop-down menu, select Android. Leave the default selections for the other drop-down menus.
Click Save.
Click Add Smart Group.
Enter
iOS Devicesin the Name text box.Expand Platform and Operating System in the navigation pane.
In the top-left drop-down menu, select Apple iOS. Leave the default selections for the other drop-down menus.
Click Save.
Task 9: Create an Organization Group
You create two lower-level organization groups (OGs).
Log in to the ControlCenter VM.
User name:
administratorPassword:
Pa$$w0rd
Open the Workspace ONE UEM administration console.
On the ControlCenter Windows taskbar, click the Google Chrome icon.
From the bookmarks bar, select Workspace ONE UEM.
You can also enter
https://omnissatraining.awmdm.com/AirWatchin the address bar to access the console page.
Log in to Workspace ONE UEM.
User name:
studentadmin{labid}Password:
Pa$$w0rd
In the navigation pane at the top, select Groups & Settings. Under Groups, select OG Details.
Click the Add Child Organization Group tab and configure the settings for an OG called "Company Owned."
Enter
Company Ownedin the Name text box.Enter
companyowned{labid}in the Group ID text box.Verify that Container is selected from the Type drop-down menu. This is the default option.
Configure the settings for country, locale, and time zone.
Click Save.
In the upper-right corner of the console, click the drop-down menu with your administrator name. Click the Organization Group drop-down menu and change Student{LabID}/Company Owned to Student{labid}.
On the OG Details page, click Add Child Organization Group tab and configure the settings for an OG called Employee Owned.
Enter
Serversin the Name text box.Enter
servers{labid}in the Group ID text box.Verify that Container is selected in the Type drop-down menu. This is the default option.
Specify the country, locale, and time zone.
Click Save.
In the upper-right corner of the console, click the drop-down menu with your administrator name. Click the Organization Group drop-down menu and verify the OG structure.
Top-level OG: Student{labid}
Lower-level OG 1: Company Owned
Lower-level OG 2: Servers
Company Owned and Servers OGs would be parallel organization groups underneath the Top level OG.
0 Comments
Add your comment