VMware Digital Workspace - (5) Limitation with Device Enrollment Modes in Workspace ONE UEM using Email Auto Discovery Feature.

You have multiple user groups in your organization and you want to enroll the users from these user groups in Workspace ONE UEM. However, there is a very specific requirement. Let's say you have User Group-A and User Group-B.

You want to enroll the devices of users in User Group-A using the Open Enrollment method and the devices of users in User Group-B using the Registered Devices Only method.

This use case can be achieved by creating two child organization groups (OGs) in Workspace ONE UEM. Let's name them UserGroupA OG and UserGroupB OG.

Steps to achieve this:

Choose the UserGroupA OG. Then go to Groups & Settings > All Settings > Devices & Users > General > Enrollment. Under the Authentication tab, mark the current setting as Override. Now scroll down and look for the option Devices Enrollment Modes. Select Open Enrollment and click Save.

Now, from the top, choose UserGroupB OG and confirm that it is selected after the browser refreshes.

Go to the same settings tab, Groups & Settings > All Settings > Devices & Users > General > Enrollment, and mark the current setting as Override. Since you want the users in User Group-B to receive the enrollment token, select the Registered Devices Only option. As soon as you select it, an option named Require Registration Token appears below it. Enable it to unlock more options below it. You can set the Registration Token Type, Registration Token Length, and Token Expiration Time (hours) as per your requirements and standards.

The next step is to map the UEM user groups to their respective organization groups.

Please note: Make sure you are in the top-level OG while performing the steps below.

Go to Groups & Settings > All Settings > Devices & Users > General > Enrollment.

Under the Grouping tab, after making sure the Override option is selected, set Group ID Assignment Mode to Automatically Select Based on User Group.

Click Edit Group Assignments. A pop-up appears where you can map the user groups to their respective organization groups.

Initially, all the user groups are mapped to the top level OG.

Click the small pencil icon to edit the assignment. For the use case above, map UserGroup A to UserGroupA OG and UserGroup B to UserGroupB OG.

Click Save.

Make sure the right user group is mapped to its corresponding Organizational Group and click Save.

Now, when a device is enrolled, a user from UserGroup A is enrolled into UserGroupA OG, and the same goes for the other user groups.

Limitation: If you have Email Auto Discovery configured on the top-level OG and the devices use an email ID to enroll, the devices won't be enrolled as expected. All devices enrolled into UEM using an email ID will be enrolled into the top-level OG, because the email domain is configured for Auto-Discovery in the top-level OG.

To overcome this, enroll the devices using the Server URL and Group ID.

In short, the Email Auto Discovery enrollment feature does not support this use case.
