Omnissa data flow diagrams

Introduction

 This document provides an overview of data movement, processing activities, and information interactions between the Customer and Omnissa cloud hosted systems through a series of data flow diagrams. Data flow diagrams are available for the following cloud services:

  • Workspace ONE® UEM™
  • Omnissa® Access™, Identity Service, and Workspace ONE® Hub
  • Omnissa® Intelligence™
  • Omnissa® Connect

Purpose

The purpose of these diagrams is to clearly illustrate how data enters the system, how it is used, where it is stored, and how it flows between the Customer, Omnissa, and third-party sub-processors. Note that Federal Risk and Authorization Management Program (FedRAMP), on-premises, Omnissa ancillary services, and third-party offerings are not in scope for this document.

Audience

This document is intended for Omnissa commercial cloud administrators. It assumes at least intermediate knowledge of Omnissa cloud services. The diagrams included in this document support both technical and non-technical audiences by presenting operations in a structured, intuitive format and follow standardized notation to ensure consistency, clarity, and ease of interpretation across all audiences. Data definitions and data types are outlined in the next section. Data flows represent logical movement of information, not physical data transfer.

Data definitions and privacy notices

Per the Omnissa General Terms, Customer Content means content uploaded by Customer or any User into a Cloud Service or provided to Omnissa as a part of Support Services. Customer Content does not include account information, Operations Data, Usage Data and Support Request data all of which are processed by Omnissa in its capacity as a data controller. Customer Content may include personally identifiable information (Personal Data) the processing of which is governed by the Omnissa Data Processing Addendum (Omnissa DPA).

Omnissa engages Sub-processors to provide certain services on its behalf that may involve access to Personal Data. Applicable contracting agreements are in place with our Sub-processors to process Personal Data in a manner substantially similar to the standards set forth in the Omnissa DPA, and at a minimum, at the level of data protection required by Data Protection Law. In cloud hosting data centers (such as AWS), Omnissa manages the SaaS environment from the OS-layer up, and Sub-processors providing hosting services do not generally have logical access to Customer Content.

Data types

The following data types are shown in the legend of each diagram below.

Device / user data

This is the information collected by the Omnissa Cloud Services about Users and their devices. Users should be aware that the data collected by each Omnissa Cloud Service depends on how the Customer configures the service. Omnissa acts as a processor for device / user data and it is defined as ‘Customer Content’ in the Omnissa General Terms. A listing of possible data points collected by the Cloud Service can be found in the Workspace ONE Privacy Disclosure.

Identity / authentication data

We collect personal information directly from our Customers and their Users in connection with their deployment and use of our Services. Identity / authentication data means user profile information (such as usernames and contact details such as email address, job title, user role, company name and phone number) and login credentials (passwords, authentication keys, or security credentials that enable Customer’s access to and management of the Cloud Service). Omnissa usage of identity / authentication data can be found in our Products and Services Privacy Notice.

Application log data (Operations Data) and Usage Data

In connection with your use of the Services, we collect information from our software or systems hosting the Services, and from customer systems, applications and devices that are used to access the Services. Such information is used to facilitate the delivery of the Services to our Customers, including securing, managing and monitoring the Service infrastructure, and providing support (“Operations Data”), and for Omnissa’s own analytics and product improvement purposes, and to optimize the customer’s experience and use of the Services (“Usage Data”). When collecting both Usage Data and Operations Data, we always aim to collect the minimum amount of personal information necessary to fulfil these respective purposes.

Depending on the Service, Operations Data and Usage Data may include the following types of data:

  • Configuration data: Technical data about how a customer organization has configured the Services and related environment information. Examples include Service environment information, Service settings, third-party applications and third-party systems used in connection with the Services.
  • Online identifiers: Online identifiers such as device and user identifiers and IP addresses. 
  • Feature usage data: Feature usage data relates to how a customer organization uses the Services. Examples include details about which Service features a customer uses and metrics of user interface activity.
  • Performance data: Performance data relates to how the Services are performing. Examples include metrics of the performance and scale of the Services, response times for user interfaces, and details about customer API calls.
  • Service logs: Service logs are automatically generated by the Services. Typically, these logs record system events and state during the operation of the Services.
  • Support data: Support data is information collected and processed in connection with support facilities such as chat, web form, email, support calls (including recordings of those calls) and Service support tickets.
  • Survey data: Survey data relates to surveys or feedback triggered by your use of our Services such as a customer's Net Provider Score ("NPS").

Operations Data may also include such information as:

  • Authentication and access information: Information that provides access to the Services, such as username, passwords, and device identifiers.
  • Diagnostic information: Diagnostic information may be contained in log files, event files and other trace and diagnostic files.

Omnissa usage of Operations Data and Usage Data can be found in our Products and Services Privacy Notice.

Support request data

This is personal information you provide to us in connection with a support request. You may provide personal information in chats, support calls (including recordings of those calls), Service support tickets or other communications regarding the support request. NOTE: This does not include any files uploaded or attached to a support ticket that are defined as ‘Customer Content’ in our General Terms.

We process Customer Content as a ‘processor’ or ‘service provider’ for the purpose of responding to, troubleshooting and otherwise resolving the support request, in accordance with our General Terms and Data Processing Addendum. Omnissa usage of support request data can be found in our Products and Services Privacy Notice.

Workspace ONE UEM

Workspace ONE UEM service offerings are available in the U.S., Canada, the United Kingdom, the European Economic Area (EEA), and Asia-Pacific (APAC) regions. Workspace ONE UEM deployments are hosted in Amazon Web Services (AWS) or co-located data centers (for a limited number U.S. customers). All Workspace ONE UEM customer production data is replicated to disaster recovery locations in the same region as primary locations. For data processing locations, refer to the sub-processor listing.

Figure 1: Workspace ONE UEM data flow diagram

Omnissa Access, Identity Service and Workspace ONE Hub Services

Omnissa Access service offerings are hosted and available in the U.S., Canada, United Kingdom, the European Economic Area (EEA), and Asia-Pacific (APAC) regions. The Omnissa Access cloud service infrastructure also hosts Identity Service and Workspace ONE Hub Services functionality. Omnissa Access deployments are hosted in Amazon Web Services (AWS) and disaster recovery is provided using AWS Availability Zones (AZs) within the same region. For data processing locations, refer to the sub-processor listing.

Figure 2: Omnissa Access data flow diagram

Omnissa Intelligence

Omnissa Intelligence service offerings are available in the U.S., Canada, United Kingdom, the European Economic Area (EEA), and Asia-Pacific (APAC) regions. Omnissa Intelligence service infrastructure also hosts Omnissa Intelligence for Consumer Apps and Omnissa Intelligence Digital Employee Experience Management (DEEM). Omnissa Intelligence deployments are hosted in Amazon Web Services (AWS) and disaster recovery is provided using AWS AZs within the same region. For data processing locations, refer to the sub-processor listing.

 

Figure 3: Omnissa Intelligence data flow diagram

Omnissa Connect

Omnissa Connect provides a unified identity and single sign-on system, which is built upon a single platform-based identity. This allows users to access all Omnissa solutions and services using a single set of credentials. Omnissa Connect supports features like role-based access control, multi-factor authentication, and self-service enterprise federation to enhance security. Omnissa Connect also serves as a central management point for Omnissa Cloud Services. It simplifies onboarding and enables customer IT administrators to view and manage their portfolio of Omnissa Cloud Services and Software.

Omnissa Connect is hosted in the United States in Amazon Web Services (AWS) and disaster recovery is provided using AWS AZs within a single region. Omnissa Connect does not process any Customer Content (as defined above); Customer Content remains hosted by the in-scope Cloud Service(s). 

Figure 4: Omnissa Connect data flow diagram

Omni

To help you understand where your data is processed for the Omni, Data Analysis, and Knowledge Search AI tools, we have developed the following data flow diagrams. Whenever possible, Omnissa processes and stores data within your region. For more information on what data may be collected by each tool, see our AI data privacy datasheet.

Omni, Data Analysis, and Knowledge Search are located globally in various regions. The specific data flow is determined by your assigned customer location, the console you are using to access Omni, and the specific type of query you are making (Data Analysis vs. Knowledge Search query). These various data flows are shown in the deployment data flow diagrams below.

Omni data processing locations

Microsoft Azure OpenAI

Omni services use the following Microsoft Azure OpenAI deployment types based on the customer locations:

  • US customers: US Data Zone
  • EU customers: EU Data Zone
  • Customers in other regions: Global

Note: Data is transiently stored in the Azure LLM Endpoint location while processing your request.

Omni, Data Analysis & Knowledge Search

The table below outlines the data processing locations for Omni, Data Analysis, and Knowledge Search.

Table 1: Omni, Data Analysis, and Knowledge Search data processing regions

Data processing locations

Omni

Omni (hosted in AWS) is available in the following nine (9) regions worldwide:

  • US
  • Canada
  • UK
  • Australia
  • Germany
  • Ireland
  • Japan
  • India
  • Singapore

Depending on what console you are using to access Omni and the tool you are using, data processing may take place outside of your region. To prevent the processing of data outside of your region, Omnissa has an opt-in feature for Omni, Data Analysis, and Knowledge Search. See the data flow diagrams below for more information on where your data is processed.

Data Analysis

Data Analysis (hosted in AWS) is available in the following nine (9) regions worldwide:

  • US
  • Canada
  • UK
  • Australia
  • Germany
  • Ireland
  • Japan
  • India
  • Singapore

Knowledge Search

Knowledge Search (hosted in Microsoft Azure) is available in three (3) hosting locations worldwide:

  • US: for customers located in US and Canada
  • Ireland: for customers located in EU and UK
  • Japan: for customers located in Australia, Japan, India, Singapore

Omni data flow diagrams

The following diagrams show the data flow for launching the Omni AI assistant from each Omnissa console. Data collected by the Omni AI assistant is stored in the Omni service (in the same region as your assigned customer location) and is processed by Omni, Data Analysis, and Knowledge Search features using AWS and Microsoft Azure as sub-processors.

US deployments

If you are a customer in the United States (US), your data is stored in Omni in the US and is processed within the US.

 

Figure 5: Omni US-based deployment data flow

Canada deployments

If you are a customer in Canada (CA), your data is stored in Omni in Canada. Data may be processed in Omnissa infrastructure located in Canada or the US. The Azure OpenAI LLM Endpoint locations are Canada East (Global) and the OpenAI US Data Zone. The Azure LLM model will use hosting locations worldwide (Global) and in the US.

 

Figure 6: Omni Canada-based deployments

EU deployments

If you are a customer in the European Union (EU), your data is stored in Germany (DE) and is processed within the EU region using locations either in Germany (DE) or Ireland.

Figure 7: Omni EU-based deployment flow (Germany as assigned customer location)

If you are a customer located in the EU that has selected Ireland as your assigned customer location, your data is stored in Omni in Ireland and is processed in Ireland and the EU.

 

Figure 8: Omni EU-based deployment flow (Ireland as assigned customer location)

UK deployments

If you are a customer in the United Kingdom (UK), your data is stored in Omni in the UK. Data may be processed in Omnissa hosting infrastructure in the UK or Ireland. Azure Open AI LLM Endpoints are located in UK South (Global) and the EU Data Zone. The Azure LLM model will use hosting locations worldwide (Global) and in the EU.

 

Figure 9: Omni UK deployment data flow

Australia deployments

If you are a customer in Australia, your data is stored in Omni in Australia. Data may be processed in Omnissa hosting infrastructure in Australia or Japan. Azure OpenAI LLM Endpoints are located in Australia East (Global) and Japan East (Global). The Azure LLM model will use hosting locations worldwide (Global).

 

Figure 10: Omni Australia deployment data flow

Japan deployments

If you are a customer in Japan, your data is stored in Omni in Japan and may be processed in Omnissa infrastructure locations in Japan. Azure OpenAI LLM Endpoints are located in Japan East (Global). The Azure LLM model will use hosting locations worldwide (Global).

Figure 11: Omni Japan deployment flow

India deployments

If you are a customer in India, your data is stored in Omni in India. Data may be processed in Omnissa infrastructure in India or Japan. Azure Open AI LLM Endpoints are located in South India (Global) and Japan East (Global). The Azure LLM model will use hosting locations worldwide (Global).

 

Figure 12: Omni India deployment flow

Singapore deployments

If you are a customer in Singapore (SG), your data is stored in Omni in Singapore. Data may be processed in Omnissa infrastructure in Singapore or Japan. Azure Open AI LLM Endpoints are located in South India (Global) and Japan East (Global). The Azure LLM model will use hosting locations worldwide (Global).

 

Figure 13: Omni Singapore deployment data flow

Summary and additional resources

 This document provides a general overview of data movement withing in Omnissa commercial cloud offerings. The intent is to provide readers with an understanding of what data is collected by the services, where data is stored, and what sub-processors are used.

Additional resources

For more information about Workspace ONE cloud services, you can explore the following resources:

Changelog 

The following updates were made to this guide: 

Date 

Description of Changes 

February 2, 2026

  • Whitepaper published 

About the author and contributors 

The following people contributed their knowledge and assistance with this document: 

  • Andrea Smith, Sr. Information Security Analyst, Customer Security Assurance 

Filter Tags

Workspace ONE Workspace ONE UEM Document WhitePaper