Setting up Android for Work

To utilize Android for Work (AfW) features and configurations, you have to setup Android for Work in MDM. Android for Work can be configured using either a G Suite account or a Google account. The differences between these methods are explained below:

Admin account to be used for configuring AfW

G Suite account used by the organization.

Any Google account

User account creation

Created by the IT Administrator, as a part of G suite

Automatic creation of accounts

User account addition

Requisite account to be manually added to the device

Account gets automatically added to the device

User account binding

Bound to the specific user and can be reused in other devices

Bound to the specific device and cannot be reused

Association of configurations

Associated to the account

Associated to the device

Ideally used in

Organizations extensively using G Suite, having employees who use multiple devices.

Organizations without G Suite, having employees who use corporate devices

Example Scenario

Users already have device(s) with their G Suite account added.

Organizations have given corporate devices to employees and want to automatically Google accounts to the devices and prevent users from adding their personal Google account.

Using G Suite

To configure AfW in MDM, you need the following:

It is recommended to assign different G Suite accounts to devices for improved app management but a single Gsuite account can be used for upto 10 devices. If the G Suite account is assigned to more than 10 devices, the apps cannot be distributed to devices

Identifying the domain admin account

To complete the AfW integration with MDM, you need to provide a few details, one among which is your Domain Admin Account. To know the same, follow the steps given below:

Obtaining the JSON file

Obtaining the EMM token

Creating user accounts

The next step before starting with Android for Work is to create user accounts. This step is required for pushing AfW-based configurations to devices. The user must login with the created user account in Google Play Store to have all the AfW-pushed apps and configurations applied in the managed device. For devices enrolled as Profile Owner, the user must login with the created user account in the Google Play Store present in the Work profile.

Without G Suite (Using Google account)

For organizations without G Suite, AfW can be configured with any Google Account, which is not associated with any G Suite service or EMM services. It is recommended to use the Google account of the organization, as this account will be used for provisioning all AfW-based features and configurations to the managed devices. Configuring AfW without G Suite can be done only if MDM is running in HTTPS. If not, an error message is displayed in the browser which is to be ignored. A major advantage in this method is automatic creation and association of the user accounts to the devices.

  • Click here to know how to install apps silently on devices without having to manually add accounts in Play Store.

  • In case you want the users to add their personal accounts in addition to the arbitrary managed account added when Android for Work is configured using a Google account, you need to create a profile, with the restriction Add Accounts enabled. This ensures the users can add accounts.

  • If you're unable to configure AfW, it maybe because the specified domain is already being used in another EMM provider. For this, go to the Google Admin console and navigate to Security -> Manage EMM provider for Android and click on the Unbind EMM Provider button. In the next step, click on Unbind and proceed with generating the token as explained earlier.

Copyright © 2019, ZOHO Corp. All Rights Reserved.