XenMobile MDM Edition enables you to configure devices that can be shared by multiple users. The shared devices feature enables, for example, clinicians in hospitals to use any nearby device to access applications and data rather than having to carry around a specific device.
Shared Device Enrollment
A device only becomes shared when a specific shared device enrollment user enrolls the device with XenMobile. To configure a shared device, you first create the shared device enrollment role and assign the role to a user account. Then, you create a deployment package associated with the shared device enrollment user account. The package you create must contain the configurations and applications that you want to be applied when the shared device enrollment user is signed on. For example, if you plan to allow any users to use the device without signing on, you could include a passcode policy that prevents the device from locking, as well as some basic applications, such as a browser. Finally, you install Worx Home, sign on, and enroll the
device with XenMobile
using the shared device enrollment user account.
Deployment Packages for Shared Device Users
After enrollment by the shared device enrollment user, any user can use the shared device anonymously without signing on. To apply different configurations or to provide additional applications for authenticated users, you must create a deployment package associated with those users and configure the package to be deployed only to shared devices. You must also ensure that the deployment package removes any configurations and applications deployed for the shared device enrollment user. Similarly, you must update the deployment package associated with the shared device enrollment user account to remove the configurations and applications that you deploy for the authenticated user.
You can configure further deployment packages to provide different resources for two or more user groups. You can, for example, deliver different sets of applications for doctors and nurses. If you do this, ensure that each deployment package, including the package associated with the shared device enrollment user account, is configured to remove the policies and applications delivered by all of the other deployment packages.
Shared Device User Experience
With the above configuration in place, the policies and applications you include in the deployment package associated with the shared device enrollment user are initially applied to the device. Then, when a user signs on to Worx Home, all the configurations and applications available to that user account are deployed to the device. Concurrently, anything applicable only to the shared device enrollment user is removed. When the user signs off, the user's configurations, applications, and data are removed. Then, the configurations and applications associated with the shared device enrollment user are restored. In this way, each user only sees the resources available to them and gets the same experience on every shared device.
Only one user at a time can sign on to Worx Home on a shared device. The previous user must sign off before the next user can sign on. For security reasons, Worx Home does not store user credentials on shared devices, so users must enter their credentials each time they sign on. To ensure that a new user cannot access resources intended for the previous user, Worx Home does not allow new users to sign on while the configurations, applications, and data associated with the previous user are being removed.
Shared Device Requirements
For the optimum user experience, including silent installation and removal of applications, Citrix recommends configuring shared devices on the following platforms.
SharePoint data loss prevention (DLP) configurations are not supported with shared devices. For more information about SharePoint DLP, see Managing SharePoint Configurations.
XenMobile Enterprise Edition does not support shared devices. Configuring a shared device enrollment user automatically disables the connection between Device Manager and App Controller so that application management with App Controller is no longer possible.