Enabling Non-Technical Users to Send Hub Services Notifications

August 17, 2022

Who likes playing telephone with time-sensitive materials? Nobody, that’s who. Instead, we’re going to look at the steps required to set your marketing or communications teams to log in to Hub Services and start sending rich Hub Services notifications. Ready to get started? Let’s dig in!

At this point in the process, I’ll assume you have Hub Services enabled. If not, look at my previous blog covering the essential setup.

Let’s talk moving parts here – in order for Role Based Access Control in Hub Services to function; it needs to be able to reference a Group from Workspace ONE Access. Let’s go ahead and set that part up!

Creating the AD Group From Active Directory Users & Computers

To create the AD Group from Active Directory Users & Computers on domain-bound machine with permissions to create AD groups:

  1. From Active Directory Users & Computers, click the option for Create a Group in the Current Container.
    Graphical user interface, text, application, chat or text message</p>
<p>Description automatically generated 
  2. Name your Group. In my example, I chose WS1_Notification_Senders.
    Graphical user interface, application</p>
<p>Description automatically generated 
  3. Add your non-technical users to this group, which will be entitled to send notifications via Hub Services.
    Graphical user interface, application</p>
<p>Description automatically generated 
  4. Verify that all names have been added.
    Graphical user interface, application</p>
<p>Description automatically generated 

Syncing that group to Workspace ONE Access

To sync the group to Workspace ONE Access:

  1. Navigate to Identity & Access Management -> Directories -> (Your Directory Name).
  2. Choose Sync Settings.
    Graphical user interface, text, application, website</p>
<p>Description automatically generated 
  3. Choose Groups.
  4. Choose the Select Groups button.
    Graphical user interface, text, application</p>
<p>Description automatically generated 
  5. Check the box next to your newly created group in AD. Previously, we created an AD Group called WS1_Notification_Senders and click Save.
    Graphical user interface, text, application</p>
<p>Description automatically generated 
  6. In the Groups tab, click Save again to close the Sync Settings window.
  7. Choose Sync (with Safeguards) and approve the sync if you have synchronization thresholds in place that may prevent the new group/users from being added to Workspace ONE Access, or simply Sync without Safeguards if you know there are no other pending changes that may impact your environment.
    Diagram</p>
<p>Description automatically generated 
  8. From the Users & Groups tab, click the Groups option.
  9. Click your newly synced group WS1_Notification_Senders.
  10. Click the Users tab.
    Graphical user interface, application</p>
<p>Description automatically generated 
  11. Choose Sync Users.
    Graphical user interface, text</p>
<p>Description automatically generated 

Creating the RBAC Role in Hub Services

To create the RBAC role from Workspace ONE Access:

  1. In the top right corner of Workspace ONE Access (normal user portal), click your username/icon/initials. Choose Manage Hub Experience.
    Graphical user interface, application</p>
<p>Description automatically generated 
  2. On the left menu underneath the Admin Configurations section, navigate to Admin Roles.
    Graphical user interface, application</p>
<p>Description automatically generated 
  3. In the Admin Roles, click the Roles option, and observe that we have several pre-created RBAC roles. For our non-technical admins, we likely only want them to be able to CREATE notifications, so we’ll leverage the Notification Creator RBAC role for our new group.
  4. Click the Admins tab again, and in the top right corner, click the Add New Admin button.
    A picture containing text</p>
<p>Description automatically generated 
  5. Start typing the name of the group we just created, in my instance it’s WS1_Notification_Senders@k10.lab.
  6. Check the box for Notification Creator, and click Add.
    Graphical user interface, application</p>
<p>Description automatically generated 

That’s it! You’ve successfully delegated permissions to a non-technical user to create Notifications from Hub Services. When your non-admin logs in, they’ll only see the Notifications tab and will only be able to create new Notifications. Let’s take a look at how that experience looks for our Marketing team!

Let’s pretend to be the Marketing Person!

Starting from a private browser session, let’s log in as Schmidt from our marketing team. Schmidt is definitely non-technical and shouldn’t be trusted with administrative rights.

 

 

Once logged in from the top right corner, we’ll click on the user icon and choose Manage Hub Experience.

Notice that Schmidt only sees the Notifications, and only has the option to create a new notification. If he tries to click the Global Settings for Notifications, all those options are read-only.

Hopefully, this was helpful as you enable others within your organizations to leverage the awesomeness of Hub Notifications and Hub Services overall!

Filter Tags

Workspace ONE Workspace ONE Access Workspace ONE Intelligence Workspace ONE UEM Blog Intermediate