Hexnode MDM enables you to configure Android in the Enterprise using G Suite. G Suite provides you with the access to several Google applications. G Suite manages applications distributed to a specific user by means of a specific account (which is manually created by the Administrator). Therefore, G Suite can be used to configure Android in the Enterprise, only if your organization has a G Suite account.
To Configure Android in the Enterprise using G Suite
Create Service Account
Your organization requires a service account with Google to configure Android in the Enterprise using G Suite. Hexnode MDM uses this service account to push the Android in the Enterprise based configurations to the device.
- Using the G Suite admin credential, login to Google Developers Console.
- Click on Create Project.
- Create a New Project by providing the following details.
- Project Name: Provide a suitable project name and a corresponding project ID will be generated.
- From the Navigation Menu on the left pane, select APIs and Services > Credentials.
- Click on Create Credentials and from the drop-down list that appears select Service account key.
- Select New service account and provide the following details.
- Service account name: Provide a suitable name for the service account.
- Service account ID: Provide a suitable ID for the service account.
- Role: From the drop-down list select Service Accounts > Service Account Admin.
- Select the Key type as JSON and click on Create.
- A JSON key will be downloaded. This key is later uploaded on to Hexnode MDM server to configure Android in the Enterprise.
- From Navigation menu > IAM & admin > Service accounts. Select your service account and click on Edit.
- Select the checkbox Enable G Suite Domain-wide Delegation and provide the Product name for the consent screen and click on Save.
- Click on View Client ID.
- Copy the Client ID.
- From the Navigation menu select Dashboard and click on Enable APIs and Services.
- In the search box that appears, type admin sdk and select the same from the search results.
- Click on Enable to enable Admin SDK API.
Manage API Client Access for MDM
This process provides the MDM with a specific API access to apply Android in the Enterprise configurations to the managed devices. Ensure to Enable API access in the Admin console.
- Using your G Suite Admin credentials, login to Google Admin Console and click on Security.
- From Advanced Settings > Manage API client access.
- Authorize the API clients by providing the following details.
- Client Name: Paste the Client ID copied previously..
- One or More API Scopes: Copy and paste the link https://www.googleapis.com/auth/admin.directory.user – To sync individual users.
- https://www.googleapis.com/auth/admin.directory.group – To sync user groups.
- Click on Authorize.
- Navigate to Security > Manage EMM provider for Android. Click on Generate Token and copy the token.
Integration of G Suite with Hexnode MDM Server
- Login to your Hexnode MDM portal.
- Navigate to Enroll > Platform – Specific > Android > Android Enterprise.
- Select Enrollment type as Google Domain.
- Click on Configure G Suite.
You will have the following options to be configured.
- G Suite Admin Email: Provide the Administrator email address of the G Suite account.
- Domain Name: Provide the domain name to be managed by the Administrator.
- G Suite key: Upload the JSON key previously downloaded.
- Click on Save to configure G Suite.
- Provide the Token and click on Enroll.
- Token: Paste the EMM token previously copied.
The Integration is automatically completed when the details are provided.
Once your organization is configured, you can start Enrolling Devices in Android in the Enterprise using G Suite.