STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Omnissa WS1 UEM Server Security Technical Implementation Guide

V-284284

CAT II (Medium)

The Omnissa WS1 UEM server must be configured to require a One-Time Password (OTP) or Short Message Service (SMS) two-factor authentication for local accounts.

Rule ID

SV-284284r1224027_rule

STIG

Omnissa WS1 UEM Server Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000765

Discussion

DoW sites may implement one "break-glass" WS1 UEM local account for the purpose of server recovery. This account must use two-factor authentication to provide secure access control. At the current time, WS1 UEM only supports OTP or SMS based authentication as the second authentication factor.

Check Content

Authenticate to the Workspace ONE UEM console as an administrator. 
 
1. Navigate to Accounts >> Administrators >> List View. 
2. For each account with an "Admin Type" of "Basic", click the three vertical dots next to the account name and select "Edit".   
3. Click "Next" three times to reach the "Settings" page. 
 
If "Two Factor Authentication" is not enabled, this is a finding. 
 
If the account has the "Read Only" role and is used for automation such as compliance scanning, this is not applicable to that account.

Fix Text

Authenticate to the Workspace ONE UEM console as an administrator. 
 
1. Navigate to Accounts >> Administrators >> List View. 
2. For each account with an "Admin Type" of "Basic", click the three vertical dots next to the account name and select "Edit".  
3. Click "Next" three times to reach the "Settings" page. 
4. Enable "Two Factor Authentication" and configure either email or SMS notification. 
5. Click "Save". 
 
Note: The OTP code will be sent to the email or mobile phone configured on the previous pages. Ensure they are configured correctly. 
 
Note: The only authorized local account is the "break-glass" account.