Managed Google Play Accounts (Android Enterprise Accounts)

License: Silver

Managed Google Play Accounts are required to enable use and configuration of Android Enterprise devices. You no longer have to use Google Apps Directory Sync (GADS) or use Google accounts to register devices.

Important: If you have already set up Android Enterprise, you must first retire those devices to be able to use this feature.

Configuring Android Enterprise using managed Google Play Account

Procedure

  1. Log in to the Ivanti Neurons for MDM portal.

  2. Go to Admin > Google > Android Enterprise.

  3. Under Managed Google Play Account, click Authorize Google to display the Google Play for Work page.

  4. Enter your Google Play Account Email ID.

  5. Click Get Started.

  6. Accept the Android Enterprise agreement.

  7. Click Confirm.

  8. Click Complete Registration.

    The Android Enterprise Configured section displays the following information:

    • Status
    • Admin Email
    • Enterprise Type
    • Google Enterprise ID
    • Enterprise Name

Configuring Android Enterprise without authentication using Google BTE

Configuring Android Enterprise without authentication using Google BTE lets organizations enroll and manage devices without requiring users to sign in with a Google account, simplifying setup while maintaining enterprise control.

Procedure

  1. Log in to the Ivanti Neurons for MDM portal.

  2. Go to Admin > Google > Android Enterprise.

  3. Under Managed Google Play Account, click Authorize Google to display the Google Play for Work page.

  4. Enter your managed Google Play Account Email ID that has a custom domain.

  5. Select Create a new binding with.. in the Select a binding option page.

  6. Click Confirm.

    The Android Enterprise Configured section displays the following information:

    • Status: Displays the connection status.
    • Admin Email: Displays the managed Google Play Account email ID.
    • Enterprise Type: Displays the enterprise type.

    • Google Authentication Settings: Displays No based on authentication requirement.

    • Google Enterprise ID: Displays a unique Google enterprise ID.
    • Enterprise Name: Displays the managed Google Play Account enterprise name.

Configuring Android Enterprise with authentication using Google BTE

Configuring Android Enterprise with authentication using Google BTE requires users to sign in with a Google account during enrollment, enabling identity based device management and user specific access control.

Procedure

  1. Log in to the Ivanti Neurons for MDM portal.

  2. Go to Admin > Google > Android Enterprise.

  3. Under Managed Google Play Account, click Authorize Google to display the Google Play for Work page.

  4. Enter your managed Google Play Account Email ID that has a custom domain.

  5. Select Create a new binding with.. in the Select a binding option page.

  6. Click Confirm.

  7. Enter the password of the managed Google Play Account in the Registration Information section.

  8. Enter your Work email in the Sign in with your work account page.

  9. Click Next.

  10. Enter the password in the Enter your password field.

  11. Click Next.

  12. Select Accept.

    The Android Enterprise Configured section displays the following information:

    • Status: Displays the connection status.
    • Admin Email: Displays the managed Google Play Account email ID.
    • Enterprise Type: Displays the enterprise type.

    • Google Authentication Settings: Displays Yes based on authentication requirement.

    • Google Enterprise ID: Displays a unique Google enterprise ID.
    • Enterprise Name: Displays the managed Google Play Account enterprise name.

When Android Enterprise is set up using managed Google Play Accounts, there is a limitation on the number of devices enrolled per user. To overcome this limitation, while creating a new user, select the Android Enterprise device Account option to enable Android Enterprise work managed device enrollments attached to this account to be automatically assigned a Google Device Account.

Device Accounts are intended for COSU (single-use) deployments (e.g., with Kiosk mode). Users with device accounts may have limited access to Google Play.

Occasionally, a managed Google Play account or its token expires for a variety of reasons like authentication token expiry or the account or enterprise being deleted. In such scenarios, Google Play services will notify the client with a broadcast action that will trigger the client to reprovision the device by removing the existing account and adding an account with a new token obtained from the UEM server.

In case, account re-provisioning fails either because the old account could not be removed or due to many attempts at re-provisioning, user will be notified to start over again by retiring the client or factory resetting the device as the case may be depending on whether device is in work profile mode or in managed device mode, respectively.