Setting up Managed Google Play

Overview

To utilize Managed Google Play features and configurations, you have to setup Managed Google Play in MDM. Managed Google Play can be configured using either a G Suite account or a Google account. The differences between these methods are explained below:

PARAMETER USING G SUITE WITHOUT G SUITE
Admin account to be used for configuring Managed Google Play

G Suite account used by the organization.

Any Google account

User account creation

Created by the IT Administrator, as a part of G suite

Automatic creation of accounts

User account addition

Requisite account to be manually added to the device

Account gets automatically added to the device

User account binding

Bound to the specific user and can be reused in other devices

Bound to the specific device and cannot be reused

Association of configurations

Associated to the account

Associated to the device

Ideally used in

Organizations extensively using G Suite, having employees who use multiple devices.

Organizations without G Suite, having employees who use corporate devices

Example Scenario

Users already have device(s) with their G Suite account added.

Organizations have given corporate devices to employees and want to automatically Google accounts to the devices and prevent users from adding their personal Google account.

Using G Suite

To configure AfW in MDM, you need the following:

  1. G Suite for Education cannot be integrated with MDM.
  2. It is recommended to assign different G Suite accounts to devices for improved app management but a single Gsuite account can be used for upto 10 devices. If the G Suite account is assigned to more than 10 devices, the apps cannot be distributed to devices

Identifying the domain admin account

To complete the Managed Google Play integration with MDM, you need to provide a few details, one among which is your Domain Admin Account. To know the same, follow the steps given below:

Obtaining the JSON file

Obtaining the EMM token

Creating user accounts

The next step before starting with Android for Work is to create user accounts. This step is required for pushing Managed Google Play-based configurations to devices. The user must login with the created user account in Google Play Store to have all the AfW-pushed apps and configurations applied in the managed device. For devices enrolled as Profile Owner, the user must login with the created user account in the Google Play Store present in the Work profile.

Without G Suite (Using Google account)

For organizations without G Suite, Managed Google Play can be configured with any Google Account, which is not associated with any G Suite service or EMM services. It is recommended to use the Google account of the organization, as this account will be used for provisioning all Managed Google Play-based features and configurations to the managed devices. Configuring Managed Google Play without G Suite can be done only if MDM is running in HTTPS. If not, an error message is displayed in the browser which is to be ignored. A major advantage in this method is automatic creation and association of the user accounts to the devices.

  • Click here to know how to install apps silently on devices without having to manually add accounts in Play Store.

  • In case you want the users to add their personal accounts in addition to the arbitrary managed account added when Android for Work is configured using a Google account, you need to create a profile, with the restriction Add Accounts enabled. This ensures the users can add accounts.

  • If you are unable to configure Managed Google Play, it could be because the specified domain is already being used in another EMM provider. For this, go to the Google Admin console and navigate to Security -> Manage EMM provider for Android and click on the Unbind EMM Provider button. In the next step, click on Unbind and proceed with generating the token as explained earlier.

Troubleshooting Tips

Copyright © 2020, ZOHO Corp. All Rights Reserved.
ManageEngine