VMware Workspace ONE Community
syarbrou
Enthusiast
Enthusiast

Change device owner programatically?

We have a couple needs for this but has anyone seen any examples thru API's or otherwise that you can change the owner of a device from one person's Network ID to another in WS1?  We have two scenarios:

1. We assign shared devices to department manager.  We do use local accounts with their name in it but those people come and go and we have to wipe the device to change the owner in the WS1 console.

2. We have a telecom group that deals with leadership phones.  We wanted to do the enroll on a user's behalf but that doesn't work thru managed devices only unmanaged.  It was suggested to enroll the device with the telecom person's credentials and then programatically change it.  Not sure how that would work on the device itself with things like Boxer.

Thanks.

Steve

Labels (2)
Reply
0 Kudos
5 Replies
chengtmskcc
Expert
Expert

Hi Steve,

For #1, I recommend setting up the device with 'Multi User Devices' enabled for the staging account. In this case with the Hub app, you simply log off the existing owner and have the new owner log in which will then update the ownership record in the console. This is useful when a device is shared by multiple individuals such as shift workers.

For #2, I recommend setting up the device with 'Single User Devices' enabled for the staging account and set to 'Advanced - Enroll on behalf of another user'. In this case also with the Hub app, the actual user logs in and everything else will be configured under the user's credential. This is useful to streamline the device enrollment and setup process.

Best,

Tom

AaronWhittaker
Enthusiast
Enthusiast

For our Windows 10 devices we were given a set of scripts that change the assigned user via API when a user logs in, we had to do this as the multi-user device option doesn't work in the version that we have (1903). They no longer have that on their code page but I think its still in there, just commented out. Windows - Custom Device Inventory - Smarter Groups - Group Policies - Samples - VMware {code}

If its not, let me know and I will send you the one that we have directly. It has worked fine since the second version, the first one did too many API calls at once and flooded our network.

Reply
0 Kudos
MatthewSwenson
Hot Shot
Hot Shot

There's an idea and more API-based workarounds in the comments there:

https://wsone-uem.ideas.aha.io/ideas/UEMCP-I-8

I don't use this myself, but we have wanted to do this sort of thing in the past...

Reply
0 Kudos
syarbrou
Enthusiast
Enthusiast

For #2, I recommend setting up the device with 'Single User Devices' enabled for the staging account and set to 'Advanced - Enroll on behalf of another user'. In this case also with the Hub app, the actual user logs in and everything else will be configured under the user's credential. This is useful to streamline the device enrollment and setup process.

For the above that won't work.  When a device is in DEP the Enroll on behalf of another user doesn't work.  Apparently some limitation Apple puts on this that VMWare can't do anything about.

With the scripts I will take a look and if they don't look usable will reach out.  That said any scripts that can be shared I won't turn away. Smiley Happy

One item though with the scripts.  I think changing the owner info is fine for devices that are basically shared devices with one passcode and apps people share, but for a device that uses Boxer and Web and other things that kind of "know who you are" do we think changing like the network username assigned to a device would translate to the person's phone that will eventually get it?  So say I enroll the device, assigned to Steve.  If I open Boxer it says Hi Steve enter your network password.  I run the script and change it to Joe.  Would the phone then actually now say Hi Joe enter

Reply
0 Kudos
chengtmskcc
Expert
Expert

Interesting. In my previous position, all corporate-owned devices are in DEP. I mostly configured single staging but I recalled advanced staging as well without any issue. I didn't go with the later one since with cert-based authentication for email, I technically have access to that user's mailbox without his/her knowledge.

Sounds like in your case, you may consider multi-user staging and let the Hub app do the heavy lifting of switching from one user to another. Once a user signs in, all apps will be logged in under the actual user instead of the staging user. This is possible through device profiles.

Reply
0 Kudos