

# Administer users in WorkSpaces Personal
<a name="administer-workspace-users"></a>

Each WorkSpace is assigned to a single user and cannot be shared by multiple users. By default, only one WorkSpace per user per directory is allowed.

**Topics**
+ [Manage users in WorkSpaces Personal](manage-workspaces-users.md)
+ [Create multiple WorkSpaces for a user in WorkSpaces Personal](create-multiple-workspaces-for-user.md)
+ [Customize how users log in to their WorkSpaces in WorkSpaces Personal](customize-workspaces-user-login.md)
+ [Enable self-service WorkSpaces management capabilities for your users in WorkSpaces Personal](enable-user-self-service-workspace-management.md)
+ [Enable Amazon Connect audio optimization for your users in WorkSpaces Personal](enable-amazon-connect-audio-optimization.md)
+ [Enable diagnostic log uploads in WorkSpaces Personal](enable-diagnostic-log-uploads.md)

# Manage users in WorkSpaces Personal
<a name="manage-workspaces-users"></a>

As an administrator for WorkSpaces, you can perform the following tasks to manage WorkSpaces users.

## Edit user information
<a name="edit-user"></a>

You can use the WorkSpaces console to edit the user information for a WorkSpace.

**Note**  
This feature is available only if you use AWS Managed Microsoft AD or Simple AD. If you use Microsoft Active Directory through AD Connector or a trust relationship, you can manage users and groups using the [Active Directory module](https://docs.microsoft.com/powershell/module/activedirectory/). If you use Microsoft Entra ID or a Custom WorkSpaces directory, you can manage users and groups with Microsoft Entra ID or your identity providers.

**To edit user information**

1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).

1. In the navigation pane, choose **WorkSpaces**.

1. Select a user and choose **Actions**, **Edit users**.

1. Update **First name**, **Last name**, and **Email** as needed.

1. Choose **Update**.

## Add or delete users
<a name="add-delete-user"></a>

You can create users from the Amazon WorkSpaces console only during the process of launching a WorkSpace, and you cannot delete users through the Amazon WorkSpaces console. Most user management tasks, including managing user groups, must be performed through your directory.

**To add or delete users and groups**  
You must add, delete, or otherwise manage users and groups through your directory. You'll perform most administrative tasks for your WorkSpaces directory using directory management tools, such as the Active Directory Administration Tools. For more information, see [Set up Active Directory Administration Tools for WorkSpaces Personal](directory_administration.md).

**Important**  
Before you can remove a user, you must delete the WorkSpace assigned to that user. For more information, see [Delete a WorkSpace in WorkSpaces Personal](delete-workspaces.md).

The process you use for managing users and groups depends on which type of directory you're using.
+ If you're using AWS Managed Microsoft AD, see [Manage Users and Groups in AWS Managed Microsoft AD](https://docs.aws.amazon.com//directoryservice/latest/admin-guide/ms_ad_manage_users_groups.html) in the *AWS Directory Service Administration Guide*.
+ If you're using Simple AD, see [Manage Users and Groups in Simple AD](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/simple_ad_manage_users_groups.html) in the *AWS Directory Service Administration Guide*.
+ If you use Microsoft Active Directory through AD Connector or a trust relationship, you can manage users and groups by using the [Active Directory module](https://docs.microsoft.com/powershell/module/activedirectory/).

## Send an invitation email
<a name="send-invitation"></a>

You can send an invitation email to a user manually if needed.

**Note**  
If you're using AD Connector or a trusted domain, invitation emails aren't automatically sent to your users, so you must send them manually. Invitation emails also aren't sent automatically if the user already exists in Active Directory.

**To resend an invitation email**

1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).

1. In the navigation pane, choose **WorkSpaces**.

1. On the **WorkSpaces** page, use the search box to search for the user you want to send an invitation to, and then select the corresponding WorkSpace from the search results. You can select only one WorkSpace at a time.

1. Choose **Actions**, **Invite users**.

1. On the **Invite users to the WorkSpace** page, choose **Send invite**.

# Create multiple WorkSpaces for a user in WorkSpaces Personal
<a name="create-multiple-workspaces-for-user"></a>

By default, you can create only one WorkSpace per user per directory. However, if needed, you can create more than one WorkSpace for a user, depending on your directory setup. 
+ If you have only one directory for your WorkSpaces, create multiple usernames for the user. For example, a user named Mary Major can have mmajor1, mmajor2, and so on as usernames. Each username is associated with a different WorkSpace in the same directory, but the WorkSpaces have the same registration code, as long as the WorkSpaces are all created in the same directory in the same AWS Region.
+ If you have multiple directories for your WorkSpaces, create the WorkSpaces for the user in separate directories. You can use the same username in the directories, or you can use different usernames in the directories. The WorkSpaces will have different registration codes.

**Tip**  
So that you can easily locate all the WorkSpaces that you've created for a user, use the same base username for each WorkSpace.  
For example, if you have a user named Mary Major with the Active Directory username mmajor, create WorkSpaces for her with usernames such as mmajor, mmajor1, mmajor2, mmajor3, or other variants, such as mmajor_windows or mmajor_linux. As long as all the WorkSpaces have the same starting base username (mmajor), you can sort on the username in your WorkSpaces console to group all of the WorkSpaces for that user together.

**Important**  
A user can have both a PCoIP and a DCV WorkSpace as long as the two WorkSpaces are located in separate directories. The same user cannot have a PCoIP and a DCV WorkSpace in the same directory. 
If you are setting up multiple WorkSpaces for use with cross-Region redirection, you must set up the WorkSpaces in different directories in different AWS Regions, and you must use the same usernames in each directory. For more information about cross-Region redirection, see [Cross-Region redirection for WorkSpaces Personal](cross-region-redirection.md). 

To switch between the WorkSpaces, the user logs in with the username and registration code associated with a particular WorkSpace. If the user is using a 3.0+ version of the WorkSpaces client applications for Windows, macOS, or Linux, the user can assign different names to the WorkSpaces by going to **Settings**, **Manage Login Information** in the client application.

# Customize how users log in to their WorkSpaces in WorkSpaces Personal
<a name="customize-workspaces-user-login"></a>

Customize your users' access to WorkSpaces by using uniform resource identifiers (URIs) to provide a simplified login experience that integrates with existing workflows in your organization. For example, you can automatically generate login URIs that register your users by using their WorkSpaces registration code. As a result: 
+ Users can bypass the manual registration process.
+ Their usernames are automatically entered on their WorkSpaces client login page.
+ If multi-factor authentication (MFA) is used in your organization, their usernames and MFA codes are automatically entered on their client login page.

URI access works with both Region-based registration codes (for example, `WSpdx+ABC12D`) and fully qualified domain name (FQDN) based registration codes (for example, `desktop.example.com`). For more information about creating and using FQDN-based registration codes, see [Cross-Region redirection for WorkSpaces Personal](cross-region-redirection.md).

You can configure URI access to WorkSpaces for client applications on the following supported devices: 
+ Windows computers
+ macOS computers
+ Ubuntu Linux 18.04, 20.04, and 22.04 computers
+ iPads
+ Android devices

To use URIs to access their WorkSpaces, users must first install the client application for their device by opening [https://clients.amazonworkspaces.com/](https://clients.amazonworkspaces.com/) and following the directions.

URI access is supported on the Firefox and Chrome browsers on Windows and macOS computers, on the Firefox browser on Ubuntu Linux 18.04, 20.04, and 22.04 computers, and on the Internet Explorer and Microsoft Edge browsers on Windows computers. For more information about WorkSpaces clients, see [WorkSpaces Clients](https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-clients.html) in the *Amazon WorkSpaces User Guide*.

**Note**  
On Android devices, URI access works only with the Firefox browser, not with the Google Chrome browser.

To configure URI access to WorkSpaces, use any of the URI formats described in the following table.

**Note**  
If the data component of your URI includes any of the following reserved characters, we recommend that you use percent-encoding in the data component to avoid ambiguity:   
`@ : / ? & =`  
For example, if you have usernames that include any of these characters, you should percent-encode those usernames in your URI. For more information, see [Uniform Resource Identifier (URI): Generic Syntax](https://www.rfc-editor.org/rfc/rfc3986.txt).


| Supported syntax | Description | 
| --- | --- | 
| workspaces:// | Opens the WorkSpaces client application. (Note: Using workspaces:// by itself is not currently supported in the Linux client application.) | 
| workspaces://@registrationcode | Registers a user by using their WorkSpaces registration code. Also displays the client login page. | 
| workspaces://username@registrationcode | Registers a user by using their WorkSpaces registration code. Also automatically enters the username in the username field on the client login page. | 
| workspaces://username@registrationcode?MFACode=mfa | Registers a user by using their WorkSpaces registration code. Also automatically enters the username in the username field and the multi-factor authentication (MFA) code in the MFA code field on the client login page. | 
| workspaces://@registrationcode?MFACode=mfa | Registers a user by using their WorkSpaces registration code. Also automatically enters the multi-factor authentication (MFA) code in the MFA code field on the client login page. | 

**Note**  
If users open a URI link when they are already connected to a WorkSpace from a Windows client, a new WorkSpaces session opens and their original WorkSpaces session remains open. If users open a URI link when they are connected to a WorkSpace from a macOS, iPad, or Android client, no new session opens; only their original WorkSpaces session remains open.
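
The URI formats in the table and the percent-encoding note, as an added example (not code from AWS): a builder that encodes the data components and a strict parser that rejects any URI outside the five supported forms. It assumes the client decodes any percent-encoded character and that `+` stays literal in a registration code, as in `WSpdx+ABC12D`; the function names are hypothetical.

```python
from urllib.parse import quote, unquote

SCHEME = "workspaces://"
RESERVED = "@:/?&="  # the reserved characters listed in the note above


def build_login_uri(registration_code=None, username=None, mfa_code=None):
    """Return one of the five URI forms from the table."""
    if registration_code is None:
        if username is not None or mfa_code is not None:
            raise ValueError("username and MFA code need a registration code")
        return SCHEME
    if not registration_code:
        raise ValueError("registration code must not be empty")
    # quote() with safe="" encodes everything outside RFC 3986 "unreserved",
    # which covers RESERVED and "%" itself. "+" is kept literal in the
    # registration code to match the WSpdx+ABC12D example (assumption).
    uri = SCHEME + quote(username or "", safe="") + "@"
    uri += quote(registration_code, safe="+")
    if mfa_code is not None:
        uri += "?MFACode=" + quote(mfa_code, safe="")
    return uri


def parse_login_uri(uri):
    """Decode a URI into its parts; raise ValueError if no table row matches."""
    if not uri.startswith(SCHEME):
        raise ValueError("not a workspaces:// URI")
    rest = uri[len(SCHEME):]
    parts = {"username": None, "registration_code": None, "mfa_code": None}
    if not rest:
        return parts
    authority, has_query, query = rest.partition("?")
    # An unencoded reserved character inside a data component shows up here
    # as an extra delimiter: the ambiguity the note warns about.
    if authority.count("@") != 1:
        raise ValueError("expected exactly one unencoded '@'")
    user, code = authority.split("@")
    if not code or any(c in user + code for c in ":/&="):
        raise ValueError("unencoded reserved character in username or code")
    if has_query:
        key, eq, value = query.partition("=")
        if key != "MFACode" or not eq or any(c in value for c in RESERVED):
            raise ValueError("only a single MFACode=<value> query is supported")
        parts["mfa_code"] = unquote(value)
    parts["username"] = unquote(user) if user else None
    parts["registration_code"] = unquote(code)
    return parts
```

Running generated links back through `parse_login_uri` before distributing them catches usernames that were inserted without encoding.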

# Enable self-service WorkSpaces management capabilities for your users in WorkSpaces Personal
<a name="enable-user-self-service-workspace-management"></a>

In WorkSpaces, you can enable self-service WorkSpace management capabilities for your users to provide them with more control over their experience. It can also reduce your IT support staff workload for WorkSpaces. When you enable self-service capabilities, users can perform one or more of the following tasks directly from their WorkSpaces client:
+ Cache their credentials on their client. This lets them reconnect to their WorkSpace without re-entering their credentials.
+ Restart (reboot) their WorkSpace.
+ Increase the size of the root and user volumes on their WorkSpace. 
+ Change the compute type (bundle) for their WorkSpace.
+ Switch the running mode of their WorkSpace.
+ Rebuild their WorkSpace.

**Supported clients**
+ Android, running on Android or Android-compatible Chrome OS systems
+ Linux
+ macOS
+ Windows

**To enable self-service management capabilities for your users**

1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).

1. In the navigation pane, choose **Directories**.

1. Choose the directory for which you want to enable self-service management capabilities.

1. Scroll down to **Self-service permissions** and choose **Edit**. Enable or disable the following options as required to determine the WorkSpace management tasks that users can perform from their client:
   + **Remember me** — Users can choose whether to cache their credentials on their client by selecting the **Remember Me** or **Keep me logged in** check box on the login screen. The credentials are cached in RAM only. When users choose to cache their credentials, they can reconnect to their WorkSpaces without re-entering their credentials. To control how long users can cache their credentials, see [Set the maximum lifetime for a Kerberos ticket](group_policy.md#gp_kerberos_ticket).
   + **Restart WorkSpace from client** — Users can restart (reboot) their WorkSpace. Restarting disconnects the user from their WorkSpace, shuts it down, and reboots it. The user data, operating system, and system settings are not affected.
   + **Increase volume size** — Users can expand the root and user volumes on their WorkSpace to a specified size without contacting IT support. Users can increase the size of the root volume (for Windows, the C: drive; for Linux, /) up to 175 GB, and the size of the user volume (for Windows, the D: drive; for Linux, /home) up to 100 GB. WorkSpace root and user volumes come in set groups that can't be changed. The available groups are [Root(GB), User(GB)]: [80, 10], [80, 50], [80, 100], [175 to 2000, 100 to 2000]. For more information, see [Modify a WorkSpace in WorkSpaces Personal](modify-workspaces.md).

     For a newly created WorkSpace, users must wait 6 hours before they can increase the size of these drives. After that, they can do so only once in a 6-hour period. While a volume size increase is in progress, users can perform most tasks on their WorkSpace. The tasks that they can't perform are: changing their WorkSpace compute type, switching their WorkSpace running mode, restarting their WorkSpace, or rebuilding their WorkSpace. When the process is finished, the WorkSpace must be rebooted for the changes to take effect. This process might take up to an hour.
**Note**  
If users increase the volume size on their WorkSpace, this increases the billing rate for their WorkSpace.
   + **Change compute type** — Users can switch their WorkSpace between compute types (bundles). For a newly created WorkSpace, users must wait 6 hours before they can switch to a different bundle. After that, they can switch to a larger bundle only once in a 6-hour period, or to a smaller bundle once in a 30-day period. When a WorkSpace compute type change is in progress, users are disconnected from their WorkSpace, and they can't use or change the WorkSpace. The WorkSpace is automatically rebooted during the compute type change process. This process might take up to an hour.
**Note**  
If users change their WorkSpace compute type, this changes the billing rate for their WorkSpace.
   + **Switch running mode** — Users can switch their WorkSpace between the **AlwaysOn** and **AutoStop** running modes. For more information, see [Manage the running mode in WorkSpaces Personal](running-mode.md).
**Note**  
If users switch the running mode of their WorkSpace, this changes the billing rate for their WorkSpace.
   + **Rebuild WorkSpace from client** — Users can rebuild the operating system of a WorkSpace to its original state. When a WorkSpace is rebuilt, the user volume (D: drive) is recreated from the latest backup. Because backups are completed every 12 hours, users' data might be up to 12 hours old. For a newly created WorkSpace, users must wait 12 hours before they can rebuild their WorkSpace. When a WorkSpace rebuild is in progress, users are disconnected from their WorkSpace, and they can't use or make changes to their WorkSpace. This process might take up to an hour. 
   + **Diagnostic log uploads** — Users can upload WorkSpaces client log files directly to WorkSpaces to troubleshoot issues without interrupting use of the WorkSpaces client. If you enable diagnostic log uploads for your users, or let your users do so themselves, the log files are sent to WorkSpaces automatically. You can enable diagnostic log uploads before or during a WorkSpaces streaming session.

1. Choose **Save**.

# Enable Amazon Connect audio optimization for your users in WorkSpaces Personal
<a name="enable-amazon-connect-audio-optimization"></a>

In the WorkSpaces management console, you can enable Amazon Connect Contact Control Panel (CCP) audio optimization for your WorkSpaces fleets to enhance security and to enable native-quality audio. After enabling CCP audio optimization, the CCP audio will be processed by the client endpoints, while WorkSpaces users can interact with the CCP from within their WorkSpaces.

Amazon Connect Contact Control Panel (CCP) audio optimization works with:
+ The WorkSpaces Windows client.
+ Amazon Linux and Windows WorkSpaces.
+ WorkSpaces using PCoIP or DCV.

## Requirements
<a name="amazon-connect-audio-optimization-requirements"></a>
+ You must be set up with Amazon Connect.
+ You must build a custom CCP with the Amazon Connect Stream API by creating a CCP with no media for call signaling. This way, the media is handled on the local desktop using standard CCP, and the signaling and call controls are handled on the remote connection with the CCP with no media. For more information about the Amazon Connect streams API, see the GitHub repository at [https://github.com/aws/amazon-connect-streams](https://github.com/aws/amazon-connect-streams). The custom CCP that you build is the CCP your Amazon Connect agents will use within their WorkSpaces.
+ You must have a web browser installed on WorkSpaces client endpoints that's supported by Amazon Connect. For the list of supported browsers, see [Browsers supported by Amazon Connect](https://docs.aws.amazon.com/connect/latest/adminguide/browsers.html).
**Note**  
If your users use browsers that are not supported, they will be asked to download a supported browser when they attempt to log in to the CCP.

## Enable Amazon Connect audio optimization
<a name="enable-audio-optimization"></a>

To enable Amazon Connect audio optimization for your users:

1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).

1. In the navigation pane, choose **Directories**.

1. Select your directory, and choose **Actions**, **Update Details**.

1. Expand **Amazon Connect Audio Optimization**.
**Note**  
Before configuring with Amazon Connect, choose **Update** to save any unsaved changes made previously in the management console.

1. Choose **Configure Amazon Connect**.

1. Enter an Amazon Connect Contact Control Panel (CCP) name.
**Note**  
The name that you give your CCP will be used in the user add-in menu. Choose a name that will be meaningful to your users.

1. Enter the Amazon Connect Contact Control Panel URL that's generated by Amazon Connect. See [Provide access to the Contact Control Panel](https://docs.aws.amazon.com/connect/latest/adminguide/amazon-connect-contact-control-panel.html) for more information on getting the URL.

1. Choose **Create Amazon Connect**.

## Update directory's Amazon Connect audio optimization details
<a name="update-audio-optimization"></a>

To update a directory's Amazon Connect audio optimization details:

1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).

1. In the navigation pane, choose **Directories**.

1. Select your directory, and choose **Actions**, **Update Details**.

1. Expand **Amazon Connect Audio Optimization**.
**Note**  
Before configuring with Amazon Connect, choose **Update** to save any unsaved changes made previously in the management console.

1. Choose **Configure Amazon Connect**. 

1. Choose **Edit**.

1. Select your directory, and choose **Actions**, **Update Details**.

1. Update the Amazon Connect Contact Control Panel name and URL.

1. Choose **Save**.

## Delete directory's Amazon Connect audio optimization
<a name="delete-audio-optimization"></a>

To delete a directory’s Amazon Connect audio optimization:

1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).

1. In the navigation pane, choose **Directories**.

1. Select your directory, and choose **Actions**, **Update Details**.

1. Expand **Amazon Connect Audio Optimization**.
**Note**  
Before configuring with Amazon Connect, choose **Update** to save any unsaved changes made previously in the management console.

1. Choose **Configure Amazon Connect**. 

1. Choose **Delete Amazon Connect**.

See the [Agent training guide](https://docs.aws.amazon.com/connect/latest/adminguide/agent-user-guide.html) for more information.

# Enable diagnostic log uploads in WorkSpaces Personal
<a name="enable-diagnostic-log-uploads"></a>

To troubleshoot WorkSpaces client issues, enable automatic diagnostic log uploads. This is currently supported for Windows, macOS, Linux, and Web Access clients.

**Note**  
The WorkSpaces client diagnostic log uploads feature is currently unavailable in the AWS GovCloud (US-West) Region.

## Diagnostic log uploads
<a name="diagnostic-log-uploads"></a>

With Diagnostic log uploads, you can upload WorkSpaces client log files directly to WorkSpaces to troubleshoot issues without interrupting use of the WorkSpaces client. If you enable diagnostic log uploads for your users, or let your users do so themselves, the log files are sent to WorkSpaces automatically. You can enable diagnostic log uploads before or during a WorkSpaces streaming session.

To automatically upload diagnostic logs from managed devices, install a WorkSpaces client that supports diagnostic uploads. Log uploading is enabled by default. You can modify the settings in either of the following ways:

### Option 1: Using the AWS console
<a name="diagnostic-log-console"></a>

1. Open the WorkSpaces console at [https://console.aws.amazon.com/workspaces/v2/home](https://console.aws.amazon.com/workspaces/v2/home).

1. In the navigation pane, choose **Directories**.

1. Choose the directory name that you want to enable diagnostic logging for.

1. Scroll down to **Self-service permission**.

1. Choose **View details**.

1. Choose **Edit**.

1. Choose **Diagnostic log uploads**.

1. Choose **Save**.

### Option 2: Using an API call
<a name="diagnostic-log-api"></a>

You can use an API call to edit the directory settings so that the WorkSpaces Windows, macOS, and Linux clients upload diagnostic logs automatically, or to turn that behavior off. If enabled, when a client issue occurs, the logs are sent to WorkSpaces without user interaction. For more information, see the [WorkSpaces API reference](https://docs.aws.amazon.com/workspaces/latest/api/API_ClientProperties.html).

You can also let your users choose whether to enable automatic diagnostic log uploads after client installation. For more information, see [WorkSpaces Windows client application](https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html), [WorkSpaces macOS client application](https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html), and [WorkSpaces Linux client application](https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html).
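
One way to apply the API option across several directories, as an added example (not AWS's code): it reads each directory's `LogUploadEnabled` client property and changes it only where it differs from the wanted value, with a dry-run mode for auditing. It assumes the boto3 WorkSpaces client's `describe_client_properties` and `modify_client_properties` calls; the function name, the directory IDs, and the stub client are constructed so the block runs offline.

```python
BATCH = 25  # assumed per-call limit on ResourceIds for DescribeClientProperties


def enforce_log_upload(client, directory_ids, desired, dry_run=True):
    """Return [(directory_id, current_value)] for every directory whose
    LogUploadEnabled differs from `desired`; fix them unless dry_run."""
    if desired not in ("ENABLED", "DISABLED"):
        raise ValueError("desired must be ENABLED or DISABLED")
    drift = []
    for start in range(0, len(directory_ids), BATCH):
        batch = directory_ids[start:start + BATCH]
        resp = client.describe_client_properties(ResourceIds=batch)
        for entry in resp.get("ClientPropertiesList", []):
            current = entry.get("ClientProperties", {}).get("LogUploadEnabled")
            if current == desired:
                continue
            # A missing value counts as drift: per the page, log uploading
            # is enabled by default.
            drift.append((entry["ResourceId"], current))
            if not dry_run:
                client.modify_client_properties(
                    ResourceId=entry["ResourceId"],
                    ClientProperties={"LogUploadEnabled": desired},
                )
    return drift


class StubWorkSpacesClient:
    """Constructed stand-in for boto3.client("workspaces"); records writes."""

    def __init__(self, state):
        self.state = dict(state)  # directory id -> LogUploadEnabled or None
        self.writes = []

    def describe_client_properties(self, ResourceIds):
        items = []
        for rid in ResourceIds:
            value = self.state.get(rid)
            props = {"LogUploadEnabled": value} if value else {}
            items.append({"ResourceId": rid, "ClientProperties": props})
        return {"ClientPropertiesList": items}

    def modify_client_properties(self, ResourceId, ClientProperties):
        self.state[ResourceId] = ClientProperties["LogUploadEnabled"]
        self.writes.append(ResourceId)
        return {}


if __name__ == "__main__":
    # Constructed sample directories; replace the stub with
    # boto3.client("workspaces") to run against a real account.
    stub = StubWorkSpacesClient({"d-EXAMPLE0001": "ENABLED",
                                 "d-EXAMPLE0002": "DISABLED"})
    print(enforce_log_upload(stub, list(stub.state), "DISABLED"))
```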

**Note**  
Diagnostic logs don't contain sensitive information. You can disable automatic diagnostic log uploads for your users at the directory level, or allow your users to disable these features themselves.
To access the diagnostic log uploads feature, you need to install the following versions of the WorkSpaces clients:
+ 5.4.0 or later of the Windows client
+ 5.8.0 or later of the macOS client
+ 2023.1 of the Ubuntu 22.04 client
+ 2023.1 of the Ubuntu 20.04 client

You can also access the diagnostic log upload feature with the Web Access client.