Google Workspace (G Suite) enrollment for Windows devices

1. Using the Google Workspace admin credential, log in to Google Cloud Console.
2. Click on Create Project.
3. Create a New Project by providing the following details.
   • Project Name: Provide a suitable project name, and a corresponding project ID will be generated.
4. From the Navigation Menu on the left pane, select APIs and Services > Credentials.
5. Click on Create Credentials and from the drop-down list that appears select Service account.
6. Select New service account and provide the following details.
   • Service account name: Provide a suitable name for the service account.
   • Service account ID: An account ID will be automatically generated. If required, you can edit it.
   • Service account description: Provide a suitable description for your service account.
   • Click on Create and Continue.
7. Optional: Grant the service account access to the project created above. Select a role from the drop-down list. Click on Select a role. Choose Service Accounts > Service Account Admin, and click Continue.
8. Click Done
9. Click on the email address corresponding to the newly created service account.
10. Select the Advanced settings dropdown and copy the generated Client ID.
11. At the top, navigate to Keys. Click on Add Key > Create new key and choose the key type as JSON and click on Create.
12. A JSON key will be downloaded. This key is later uploaded on to Hexnode MDM server.
13. Go back to APIs & Services interface from the Navigation menu. Select Enabled APIs & Services and click on +ENABLE APIS AND SERVICES.
14. In the search box that appears, type Admin SDK API and select the same from the search results.
15. Click on Enable to enable Admin SDK API.

1. Using your Google Workspace Admin credentials, log in to Google Admin Console and click on Security.
2. From API Controls, click on MANAGE DOMAIN WIDE DELEGATION under Domain wide delegation, and click on +Add new.
3. Authorize the API clients by providing the following details.
   • Client ID: Copy the unique ID from the downloaded JSON file or from the Google Cloud console.
   • OAuth scopes: Copy and paste the link

     https://www.googleapis.com/auth/admin.directory.user – To sync individual users.

     https://www.googleapis.com/auth/admin.directory.group – To sync user groups.

     https://www.googleapis.com/auth/admin.directory.domain – To fetch the domain.

   • Click on AUTHORIZE.

1. Log in to your Hexnode UEM portal.
2. Navigate to Admin > G Suite.
3. You will have the following options to be configured.
   • G Suite Admin Email: Enter the Google Workspace (G Suite) admin email address of the domain that you want to synchronize with Hexnode.
   • G Suite key: Upload the JSON key previously downloaded.
4. Click on Next to configure G Suite.
5. Now, 2 new options will be displayed:
   • Sync across all domains: Checking this option will sync all the users and/or user groups across all domains. When new domains are created in Google Workspace, they will be automatically synced during the next sync.
   • Choose Domain(s): Only the users and/or user groups present in the selected domains will be synced with Hexnode UEM.
6. With the Scheduled Scan feature, you can set a specific time on a certain day(s) when the Google Workspace sync is to be initiated. Either choose Daily or Weekly options from the Time settings.
   • If Daily is chosen, enter the time in 24-hour format in the fields corresponding to the Initiate sync at option. It will initiate the Google Workspace sync at the specified time every day.
   • If the Weekly option is selected, an additional option to select days will be displayed below the Initiate sync at option. It will initiate the Google Workspace sync at the specified time on the specified days.
7. Click on the Save button to save the configuration.

1. Go to Enroll > Platform-Specific > Windows > Windows PCs & Tablets.
2. Switch the authentication mode to Authenticated Enrollment.
3. Select Google User under Enrollment Request. In this case, users will receive an email or SMS with the Hexnode server address and other enrollment instructions.
4. Change the device Ownership if required.
5. Click Next.
6. Select the mode for sending enrollment requests to the Google Workspace users as Email, SMS, or even both.
7. Change the Domain from Local to your Google Workspace domain and select the user you need to send the enrollment request.
8. Click Send. The enrollment request will be successfully sent to the selected Google user.

1. Go to Enroll > Platform-Specific > Windows > Windows PCs & Tablets.
2. Switch the authentication mode to Authenticated Enrollment.
3. Select Google User under Self Enrollment.
4. Change the device Ownership if required.
5. Click Next.
6. The enrollment settings will be successfully updated, and the users can now enroll their devices with their dedicated credentials.

Follow the below steps on your Windows machine to enroll it using the Hexnode Installer app:

1. Enter the Hexnode enrollment URL on a web browser. The URL will be in the format:

   https://{portalname}.hexnodemdm.com/enroll/

2. The URL will take you to a page where you can download the Hexnode Installer app.
3. Click Download to initiate the Hexnode Installer app download.
4. Open the app and click Yes on the ‘Hexnode Installer Setup’ wizard to grant permission for the app to make changes to the device.
5. Click Install to continue with the installation.
6. Next, go through the EULA agreement and then click Agree and Enroll.
7. Now, change the domain from local to your Google Workspace domain and enter your Google Workspace credentials. Click Authenticate.
8. Next, the device will process the enrollment request. In case the processing fails,
   • Click Enroll to take you to Settings > Accounts > Access Work or School > Enroll in Device Management on your device.
   • The username and the enrollment server address will be auto-filled on the ‘Set up a work or school account’ pane. Click Next.
   • Go through the device setup instructions and click Got It to connect Hexnode to the Workplace or School. It may take a few minutes to set up the connection. Any configurations or apps that the organization has set up for the user will be applied to the device. In case the device takes more time to set up the connection, navigate to Settings > Accounts > Access work or school > Info > Sync.
9. The Hexnode UEM app will be installed on the device, and all the configurations will be applied automatically to the device. Click Done to exit the Hexnode Installer.
10. Click Finish to exit the setup.

1. On your Windows device, go to Settings > Accounts > Access work or school.
2. Click Enroll only in device management.
3. Enter your work email and click Next.
4. You’ll be asked to enter your Microsoft password, neglect this step by closing the tab.
5. Next, enter the enrollment URL which will be in the format:

   https://{portalname}.hexnodemdm.com

6. Click Next.
7. On the authentication page, click Sign in with Google and authenticate by entering your Google Workspace username and password.
8. Click Got It after reading the setup instructions. The Windows device is now successfully enrolled with Hexnode UEM.