The following tasks in Workspace ONE UEM are primarily performed by Organization groups (OG). In Workspace ONE UEM, User groups don’t replace organization groups; and rather, they are used to represent security groups and business roles.
- Devices are always tied to an OG, which is the primary difference between organization and user groups.
- Within the UEM console, through an organization group, set the administration management permissions.
- Profiles, applications, and policies are assigned to organization groups.
- User groups only work as an extra filter on top of organization groups, even though it is possible to allocate these resources to user groups.
- Assets tracking on Workspace ONE UEM dashboards. On every console page for all dashboards and views, Organization groups are still the primary filter. Consider the device groupings the admin wants to view on the Workspace ONE UEM dashboards as OGs specify at which business units the devices live.
- Customizing system config settings. System settings are linked to organization groups. The admin must define different organization groups if they need different system settings. Examples of important settings to consider are listed as the following:
- Enrollment Settings and Restrictions
- Privacy Policies
Once the admin imports user groups, existing MDM assignments are not affected. Ensure that users do not feel any disruption to the current Configuration and facilitate the transition process by applying policies to user groups manually as needed.
- To represent security groups or business roles, user groups are used within the organization.
- Devices still belong to one organization group, only although users can belong to multiple user groups.
- The assignment of policies, profiles, and internal apps to user groups is currently supported by Workspace ONE UEM.
Transition Options for Best Practices
One of the following options may help the admin to reconfigure the OG and user group structure when defining OGs to represent user groups to be more streamlined.
- With user groups, reconfigure your system to associate applications, profiles, and enrollment restrictions.
- Assign each profile, app, and enrollment restriction to the appropriate user groups.
- Update the organization group assignment by one organization group up.
- A user group assignment is added.
The admin may choose to reconfigure the hierarchy to remove old or unused organisation groups.
- From child to parent, move devices to one organization group up.
- Old organization groups are deleted.
The admin may choose to leave the structure as-is.
- The organization group can be regarded as the “Primary Security Group” at this point of the device.
- For assigning profiles and policies, the user groups are used.
- For asset tracking purposes, the old, unused organization groups can remain.