Hexnode MDM allows you to assign Windows devices to G Suite users. You need to initially configure G Suite with the MDM console, followed by enrolling the devices which can later be assigned to G Suite users.
To Assign the devices to G Suite Users
- Configure G Suite.
- Enroll Windows devices via No Authentication.
- Assign the devices to G Suite users.
To Configure G Suite
Create Service Account
- Using the G Suite admin credential, login to Google Developers Console.
- Click on Create Project.
- Create a New Project by providing the following details.
- Project Name: Provide a suitable project name and a corresponding project ID will be generated.
- From the Navigation Menu on the left pane, select APIs & Services > Credentials.
- Click on Create Credentials and from the drop-down list that appears select Service account key.
- Select New service account and provide the following details.
- Service account name: Provide a suitable name for the service account.
- Service account ID: Provide a suitable ID for the service account.
- Role: From the drop-down list select Service Accounts > Service Account Admin.
- Select the Key type as JSON and click on Create.
- A JSON key will be downloaded. This key is later uploaded on to Hexnode MDM Console.
- From Navigation menu > IAM & admin > Service accounts. Select your service account and click on Edit.
- Select the checkbox Enable G Suite Domain-wide Delegation and provide the Product name for the consent screen and click on Save.
- Click on View Client ID.
- Copy the Client ID.
- From the Navigation menu select Dashboard and click on Enable APIs and Services.
- In the search box that appears, type admin sdk and select the same from the search results.
- Click on Enable to enable Admin SDK API.
Manage API Client Access for MDM
This process provides the MDM with a specific API access to apply the configurations to the managed devices.Ensure to Enable API access in the Admin console.
- Using your G Suite Admin credentials, login to Google Admin Console and click on Security.
- From Advanced Settings > select Manage API client access.
- Authorize the API clients by providing the following details.
- Client Name: Paste the Client ID copied previously.
- One or More API Scopes: Copy and paste the link
- https://www.googleapis.com/auth/admin.directory.user – To sync individual users.
- https://www.googleapis.com/auth/admin.directory.group – To sync user groups.
- Click on Authorize.
Integration of G Suite with Hexnode MDM Server
- Login to your Hexnode MDM portal.
- Navigate to Admin > G Suite.
- You will have the following options to be configured.
- G Suite Admin Email: Provide the Administrator email address of the G Suite account.
- Domain Name: Provide the domain name to be managed by the Administrator.
- G Suite key: Upload the JSON key previously downloaded.
- Click on Save to configure G Suite.
Enroll Windows devices via No Authentication
- Once the G Suite account is configured, you can start enrolling your windows devices with Hexnode MDM.
- Select the enrollment mode as No Authentication under Enroll > Settings >Authentication Modes.
- Select a G Suite User as Default User
- Enroll Windows mobile phones via No Authentication mode.
- Enroll Windows laptops via No Authentication mode.
- The enrolled devices will now be assigned to the selected user under Enroll > Settings > Authentication Modes > No Authentication > Default User.
- If you need to enroll all the devices to a specific G Suite user, you can select that user here.
Assign the devices to G Suite users
You can now assign devices to the respective G Suite users.
- Navigate to Manage > Devices.
- Clicking on the device takes you to the device summary page.
- From Actions > Change Owner.
- Change the domain from local to your domain name from the pop-up that appears and assign the device to a G Suite user.