Supporting frontline shift worker use-cases with Workspace ONE Web

Over 60% of the world’s workforce is considered frontline. Frontline workers deliver the essential goods and services that we depend on every day. From delivery drivers, field engineers to warehouse workers, store associates and nurses, they all rely on mission-critical devices to do their jobs. In the U.S., 49% of the frontline workers were mobile enabled in 2020 and 70% of the new mobile investments over the next 4 years are expected to happen for frontline workers.

Unlike office workers, frontline workers work on site or in the field. Many frontline jobs are process-oriented and frontline devices and applications play a critical role in performing those jobs. Any impact on the frontline devices or applications directly impacts workers’ productivity, effectiveness, or even job satisfaction. Quite often, the frontline workers rely on web applications to perform their jobs/tasks. With more and more corporate applications becoming SaaS, it becomes really critical to provide them safe, secure and focussed browsing experience to achieve maximum productivity.

Workspace ONE Web is a mobile web browser provided by VMware as part of the Workspace ONE suite of mobile apps and can be managed and configured with security settings and more through Workspace ONE Unified Endpoint Management (UEM). In this two-part blog series, we will discuss the use cases for a browser for frontline workers and how Workspace ONE Web supports these use cases.

Shift worker use-cases

A large section of frontline workers work in shifts. In this first part of the blog series, we will discuss common shift related use-cases for frontline workers. One of the primary shift-related use-cases for frontline workers is the use of shared devices, with single sign-on (SSO) into applications.

Use of shared devices means that one user logs into a device when their shift starts and logs out when the shift ends, and then another user comes and logs into the same device. The workers expect to automatically log in to the mobile applications once they log in to the device for better experience and productivity. This also requires capabilities to clear data and context of a user once they are done with the device to meet security and privacy requirements. Devices used by the nurses in hospitals is one example of shared devices that handle sensitive patient health information that needs to be protected by regulations like Health Insurance Portability and Accountability Act (HIPAA).

Following are a couple of secondary use-cases related to shifts.

• Access to internal corporate web applications: Frontline workers often need to access internal web applications and other resources like training videos, PDFs, and documents that are only accessible through the corporate network and not through the internet. Separate VPN applications to provide per app VPN or device level VPN do not provide the best user experience to achieve this. For example, rugged devices used in manufacturing facilities and utility plants need their workers to access web applications to view training videos over the intranet.
• Integrated Authentication for web applications: Organizations often require integrated authentication into the corporate web applications for their frontline devices to save time from entering the credentials separately for different web applications and improve productivity of their frontline workers. 

Workspace ONE Web provides solutions to the above mentioned use-cases for frontline workers, which are explained in detail below. These solutions are available for all the supported platforms, i.e., Android, iOS, and iPadOS.

Using shared devices and Single Sign on (SSO)

Workspace ONE Web provides integrated single sign-on with the check-in/check-out capability provided by Workspace ONE for shared devices. This makes sure that when a user checks out a device, they get signed into the Workspace ONE Web as well without any additional sign-in step. When the user checks the device back in, all the user browsing-related data — like the cache, cookies, downloads, etc. — gets cleared to maintain the user’s privacy and security.

To learn more about how to enroll and configure shared devices with Workspace ONE, refer to the VMware Docs article How Do You Share Devices in UEM.

Access internal corporate web applications

Workspace ONE Web is compatible with any per-app or full-device VPN for accessing internal corporate web applications. In addition, Workspace ONE Web also provides in-app tunnelling support which means that the traffic (all or selected) going through Web app can be configured to tunnel through a Unified Access Gateway (UAG) server to provide secure external access to your organization’s internal applications without requiring a separate VPN/Tunnel app on the device, which provides a better user experience. Workspace ONE in-app tunnel provides all the capabilities that are provided by the Workspace ONE tunnel application.

You can enable tunnelling for Web by enabling ‘AirWatch App Tunnel’ under Groups and Settings —> All Settings —> Apps —> Settings and Policies —> Security Policies (as shown below). Device traffic rules can be set in the Tunnel Configuration to control what all traffic (URLs/URL patterns) to tunnel.

For more details, refer the Configuring VMware Tunnel for Workspace ONE Web at VMware Docs.

Integrated authentication into web applications

Admins can enable integrated authentication into their enterprise web applications in Workspace ONE Web by enabling ‘Integrated Authentication’ under Groups and Settings —> All Settings —> Apps —> Settings and Policies —> Security Policies and then selecting the desired method on the Workspace ONE UEM admin console (as shown below). This enables the frontline workers to seamlessly log in into the enterprise web applications without entering their credentials every time, thereby saving their time and improving productivity.

Shift-based access control

Workspace ONE Web continues to focus on providing creative solutions and will be adding more features in future to better support use-cases for frontline devices. One of these features is shift based access control, which is coming soon. These days, many enterprises allow their frontline employees to bring their own devices to work instead of providing enterprise owned devices. In such scenarios, to abide by the employment laws and regulations, they need to provide access to corporate applications and data to the employees only during the employee shift hours and restrict them outside the shift hours. With this new capability, access to Workspace ONE Web will be blocked outside of user shift hours. In future, we intend to provide more granular control in Workspace ONE Web by letting admins configure which web applications to block outside of the user shift hours instead of blocking the whole Web browser application, as the employees may need access to some business applications even after shift hours to perform activities like accessing shift information, booking shift, accessing employee benefits, etc.

Learn more

This concludes part 1 of the blog series. In the part 2, we will discuss frontline use-cases around kiosk and limited browsing along with how Workspace ONE Web helps customers fulfill these use cases through its powerful features.