Google Workspace Enrollment for iOS Devices

Hexnode UEM allows you to assign iOS devices to Google Workspace (G Suite) users. You first configure Google Workspace with the UEM console and then enroll the devices. The enrolled iOS devices are assigned to the respective Google Workspace users. Policies and actions can be associated with the devices, users, or the whole domain from the Hexnode UEM console to manage and monitor the utilization of these devices.

To assign devices to Google Workspace users

  1. Configure Google Workspace.
  2. Enroll iOS devices via Google Workspace authentication.

Configure Google Workspace

Note:

Your organization should have a Google Workspace account.

Create service account

Your organization requires a service account with Google to integrate with Google Workspace. Hexnode uses this service account to push the configurations to the device.

  1. Using the Google Workspace admin credential, log in to Google Cloud Console.
  2. Click on +CREATE PROJECT.
  3. Create a New Project by providing the following details.
    • Project name: Provide a suitable project name and a corresponding project ID will be generated.
    • Click CREATE.
  4. From the Navigation menu on the left pane, select APIs and Services > Credentials.
  5. Click on +CREATE CREDENTIALS and from the drop-down list that appears select Service account.
  6. Create a new service account by providing the following Service account details.
    • Service account name: Provide a suitable name for the service account.
    • Service account ID: An account ID will be automatically generated. If required, you can edit it.
    • Service account description: Provide a suitable description for your service account.
    • Click on CREATE AND CONTINUE.
  7. Optional: Grant the service account access to the project created above. Click on Select a role, choose Service Accounts > Service Account Admin from the drop-down list, and click CONTINUE.
  8. Click DONE.
  9. Under Service Accounts, click on the email address corresponding to the newly created service account.
  10. Select the Advanced settings dropdown and copy the generated Client ID.
  11. At the top, navigate to KEYS. Click on ADD KEY > Create new key and choose the key type as JSON. Click on CREATE.
  12. A JSON key will be downloaded. This key is later uploaded to the Hexnode UEM server.
  13. Go back to the APIs & Services interface from the Navigation menu. Select Enabled APIs & services and click on +ENABLE APIS AND SERVICES.
  14. In the search box that appears, type Admin SDK API and select the same from the search results.
  15. Click on ENABLE to enable Admin SDK API.

Manage API Client Access for MDM

This process gives the MDM specific API access so that it can apply the configurations to the managed devices. Make sure to enable API access in the Admin console.

  1. Using your Google Workspace admin credentials, log in to Google Admin Console and click on Security.
  2. From API controls, click on MANAGE DOMAIN WIDE DELEGATION under Domain wide delegation, and click on Add new.
  3. Authorize the API clients by providing the following details.
    • Client ID: Copy the unique ID from the downloaded JSON file or from the Google Cloud console.
    • OAuth scopes: Copy and paste the following links:
      • https://www.googleapis.com/auth/admin.directory.user – To sync individual users.
      • https://www.googleapis.com/auth/admin.directory.group – To sync user groups.
      • https://www.googleapis.com/auth/admin.directory.domain – To fetch the domain.
    • Click on AUTHORIZE.

Note:
  • To sync users, user groups and domains from your Google Workspace account to the Hexnode console, you need to provide the OAuth scopes separated by a comma.
  • The directory domain scope https://www.googleapis.com/auth/admin.directory.domain is mandatory. If this scope is not entered, the domain sync will fail and an error message “Google Workspace domain names could not be retrieved.” will be displayed in the portal.
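
A pre-flight check for the delegation step above, as an added example (not Hexnode's or Google's code): it reads the downloaded JSON key, returns the Client ID and the comma-separated scope string to enter, and compares a scope string against the three scopes this page lists. The function names and the sample key values are constructed placeholders.

```python
import json

# Scopes this page lists for the Hexnode integration.
REQUIRED_SCOPES = (
    "https://www.googleapis.com/auth/admin.directory.user",    # sync individual users
    "https://www.googleapis.com/auth/admin.directory.group",   # sync user groups
    "https://www.googleapis.com/auth/admin.directory.domain",  # fetch the domain (mandatory)
)
DOMAIN_SCOPE = REQUIRED_SCOPES[2]

# Constructed sample of a downloaded service account key; every value is a placeholder.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "PLACEHOLDER_KEY_ID",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "hexnode-sync@example-project.iam.gserviceaccount.com",
    "client_id": "100000000000000000000",
})

def delegation_entry(key_text):
    """Return (client_id, comma-separated scopes) for the domain-wide delegation form."""
    key = json.loads(key_text)
    if key.get("type") != "service_account":
        raise ValueError("not a service account key")
    missing = [f for f in ("client_id", "client_email", "private_key") if not key.get(f)]
    if missing:
        raise ValueError("key file is missing fields: " + ", ".join(missing))
    if not key["client_id"].isdigit():
        raise ValueError("client_id should be the numeric unique ID, not the email")
    return key["client_id"], ",".join(REQUIRED_SCOPES)

def audit_scopes(granted_text):
    """Compare a comma-separated scope string with the scopes listed on this page."""
    granted = {s.strip() for s in granted_text.split(",") if s.strip()}
    missing = [s for s in REQUIRED_SCOPES if s not in granted]
    return {
        "missing": missing,
        "extra": sorted(granted - set(REQUIRED_SCOPES)),  # broader than the sync needs
        "domain_sync_will_fail": DOMAIN_SCOPE in missing,
    }

if __name__ == "__main__":
    client_id, scopes = delegation_entry(SAMPLE_KEY)
    print("Client ID:", client_id)
    print("OAuth scopes:", scopes)
    print(audit_scopes("https://www.googleapis.com/auth/admin.directory.user"))
```
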


Integration of Google Workspace with Hexnode UEM Server

  1. Log in to your Hexnode UEM portal.
  2. Navigate to Admin > Google Workspace.
  3. You will have the following options to be configured.
    • Google Workspace Admin email: Enter the Google Workspace admin email address of the domain that you want to synchronize with Hexnode.
    • Google Workspace key: Upload the JSON key previously downloaded.
  4. Click on Next to configure Google Workspace.
  5. Now, 2 new options will be displayed:
    • Sync across all domains: Checking this option will sync all the users and/or user groups across all domains. When new domains are created in Google Workspace, they will be automatically synced during the next sync.
    • Choose Domain(s): Only the users and/or user groups present in the selected domains will be synced with Hexnode UEM.
  6. With the Scheduled Scan feature, you can set a specific time on a certain day(s) when the Google Workspace sync is to be initiated. Either choose Daily or Weekly options from the Time settings.
    • If Daily is chosen, enter the time in 24-hour format in the fields corresponding to the Initiate sync at option. It will initiate the Google Workspace sync at the specified time every day.
    • If the Weekly option is selected, an additional option to select days will be displayed below the Initiate sync at option. It will initiate the Google Workspace sync at the specified time on the specified days.
  7. Click on the Save button to save the configuration.

Note:
  • Click on the Refresh Domains button if a newly added domain is not displayed on the portal.

Enroll iOS devices via Google Workspace authentication

Once the Google Workspace account is configured, you can start enrolling your iOS devices with Hexnode UEM.

  1. Go to Enroll > Platform-Specific > iOS > Email/SMS.
  2. Switch the authentication mode to Authenticated Enrollment.
  3. Select Google User under Enrollment Request or Self Enrollment.
    • If you select Google User under Enrollment Request, users will receive an email or SMS with the Hexnode server address and other enrollment instructions.
    • If Google User under Self Enrollment is selected, no such request will be sent. Users have to enroll devices with their dedicated credentials.
  4. Change the device Ownership if required.
  5. Click on Next.

If you have chosen Self Enrollment, your enrollment setup is complete.
If you have chosen to send an Enrollment Request to your Google Workspace users, follow these steps:

  1. Select a medium to send the request (Email/SMS).
  2. Change the Domain from Local to your Google Workspace domain.
  3. Select the user to whom you want to send the enrollment request and click Save.


On the device:

  1. Open Safari browser and enter the enrollment URL. It will be of the form: https://portalname.hexnodemdm.com/enroll/.
  2. This would take you to the enrollment screen. Enable the checkbox to agree with the terms and conditions and click Enroll.
  3. Enter the user’s Google Workspace username and password and click Authenticate.
  4. Provide the necessary permissions to allow profile download.
  5. After the profile gets downloaded, navigate to Settings > General > Profile. Choose Profile Service.
  6. Click Install to install the configuration profile and certificate.
  7. Click Trust to allow remote management.
  8. When the profile is installed, click Done.
  9. Go to the device launcher; the Hexnode UEM app starts installing.
  10. Once the app is installed, allow the UEM to access location and send notifications.