Hexnode MDM enables you to configure Android in the Enterprise using G Suite. G Suite provides you with the access to several Google applications. G Suite manages applications distributed to a specific user by means of a specific account (which is manually created by the Administrator). Therefore, G Suite can be used to configure Android in the Enterprise, only if your organization has a G Suite account.
To Configure Android in the Enterprise using G Suite
Create Service Account
Your organization requires a service account with Google to configure Android in the Enterprise using G Suite. Hexnode MDM uses this service account to push the Android in the Enterprise based configurations to the device.
- Using the G Suite admin credential, login to Google Developers Console.
- Click on Create Project.
- Create a New Project by providing the following details.
- Project Name: Provide a suitable project name and a corresponding project ID will be generated.
- From the Navigation Menu on the left pane, select APIs and Services > Credentials.
- Click on Create Credentials and from the drop-down list that appears select Service account key.
- Select New service account and provide the following details.
- Service account name: Provide a suitable name for the service account.
- Service account ID: Provide a suitable ID for the service account.
- Role: From the drop-down list select Service Accounts > Service Account Admin.
- Select the Key type as JSON and click on Create.
- A JSON key will be downloaded. This key is later uploaded on to Hexnode MDM server to configure Android in the Enterprise.
- From Navigation menu > IAM & admin > Service accounts. Select your service account and click on Edit.
- Select the checkbox Enable G Suite Domain-wide Delegation and provide the Product name for the consent screen and click on Save.
- Click on View Client ID.
- Copy the Client ID.
- From the Navigation menu select Dashboard and click on Enable APIs and Services.
- In the search box that appears, type admin sdk and select the same from the search results.
- Click on Enable to enable Admin SDK API.
Manage API Client Access for MDM
This process provides the MDM with a specific API access to apply Android in the Enterprise configurations to the managed devices. Ensure to Enable API access in the Admin console.
- Using your G Suite Admin credentials, login to Google Admin Console and click on Security.
- From Advanced Settings > Manage API client access.
- Authorize the API clients by providing the following details.
- Client Name: Paste the Client ID copied previously..
- One or More API Scopes: Copy and paste the link https://www.googleapis.com/auth/admin.directory.user – To sync individual users.
- https://www.googleapis.com/auth/admin.directory.group – To sync user groups.
- Click on Authorize.
- Navigate to Security > Manage EMM provider for Android. Click on Generate Token and copy the token.
Integration of G Suite with Hexnode MDM Server
- Login to your Hexnode MDM portal.
- Navigate to Admin > Android In The Enterprise.
- Select Enrollment type as Google Domain.
- Configure G Suite.
You will have the following options to be configured.
- G Suite Admin Email: Provide the Administrator email address of the G Suite account.
- Domain Name: Provide the domain name to be managed by the Administrator.
- G Suite key: Upload the JSON key previously downloaded.
Click on Save to configure G Suite.
- Navigate back to Android in the Enterprise and provide the Token and click on Enroll.
- Token: Paste the EMM token previously copied.
The Integration is automatically completed when the details are provided.