Before setting up AfW, the following prerequisites are to be completed.

Register your domain with Google

Google requires your company domain to be registered to use their Android for Work feature. The following steps describes the domain registration process with Google.

1. Open the Google Android for Work portal.

2. Fill in the details requested in the form. Once done, click Accept & create your account.

3. Now, click the Start button displayed against Verify domain ownership to verify the domain details entered in the previous step.

4. Click Verify to start the verification process and follow the steps mentioned on-screen. There are several ways to verify domain as explained here.

5. After the domain is successfully verified, an EMM token is generated. Copy and save the token and click Finish.

This token can also be copied for Google Admin Console. Login to Google Admin Console using your Android for Work Admin credentials. Click on Security->Show More->Android for Work settings. Here, you'll find the token under Manage EMM provider.

Create Service Accounts

This procedure creates a service account for your organization with Google. This Service Account is used by MDM to push AfW-based configurations to devices.

6. Login to Google Developers Console using the admin credentials created previously in the Android for Work portal.

7. Click Create Project and create a new project by providing a project name.

8. After the project is created, select Credentials.

9. Click Create Credentialsand select Service account key

10. Click on Service Account and select New service account

11. Specify the Service Account name to generate the Service account ID. Select JSON if not selected and click Create.

12. A JSON file containing the service account details is automatically downloaded by your browser. Click Close

13. Click on Manage service accounts.

14. Click on the More(three dots) and select Edit

15. Select the Enable Google Apps Domain-wide Delegation checkbox. On selecting the checkbox, the dialog window gets expanded. Now provide Product name for the consent screen and click Save.

16. Click the View Client ID link, and copy the Client ID.

17. Type 'EMM API' in the searchbox and select Google Play EMM API.

18. Click Enable to enable Google Play EMM API.

19. Similarly, type 'Admin' in the searchbox and select Admin SDK API. Click Enable to enable Admin SDK API.

Manage API Client access for MDM

This procedure allows MDM to be given specific API access to apply AfW-based features in the managed devices. Refer this to know about managing API Client access.

20. Login to Google Admin Console using your Android for Work Admin credentials.

21. Click on Security, click Show More.

22. Select Advanced Settings and click the Manage API client access link.

23. Paste the Client ID copied in Step 16 in the space provided for Client Name and paste in the space provided for One or More API Scopes and click Authorize.

Once the above procedure is complete, you can verify whether the binding process is successful by following the steps below:

24. Go to MDM Web Console, click Admin tab and select Android for Work and specify the domain registered, admin E-mail address, the EMM token copied in Step 5 and the upload the downloaded JSON file.

No image as it requires image from UI which will probably change

25. Now go to Google Admin Console, click on Security, select Show More.

26. Choose Android for Work. If the enterpise mobility management provider and authorized service account credentials are correct, then the binding is complete. (This following step is optional) Select Enforce EMM policies on Android devices checkbox and click Save to enable 'Validate Access' feature.

Creating user accounts

The next step before starting with Android for Work, is to create user accounts. This step is required for pushing AfW-based configurations to devices.

For Google apps users, user accounts can be created by manually adding users or adding users by importing a CSV. (Recommended for small organizations)

Creating users without a Google apps account,can be done using Google Active Directory Sync(GADS). (Recommended for large organizations)

Copyright © 2016, ZOHO Corp. All Rights Reserved.