AirWatch offers different deployment models for integrating Google Sync into your organization.
The deployment method determines how the AirWatch server communicates with the Gmail server. In the Proxy deployment method, the AirWatch server communicates with the Google server indirectly, through SEG. The Direct deployment method uses either the Google directory APIs or the password management configurations.
SEG Proxy Integration using Password Management
In this configuration type, the SEG Proxy server resides between the AirWatch server and the Gmail server. The SEG Proxy server ensures security by not allowing enrolled devices to communicate directly with the Gmail server. With SEG, you get visibility into both managed and unmanaged devices on the Email Dashboard. You can also leverage the available email policies.
Direct Integration with Directory APIs
In this configuration type, the AirWatch server uses Google's directory APIs to manage email access on mobile devices.
Direct Integration using Password Management
Using the password provisioning configuration type, the AirWatch server communicates directly with Google. Since the SEG server is not involved, this configuration uses password switching to block non-compliant devices. Based on your security needs, you may choose either to store the password in your database or to purge it. There are two types of configuration available:
- Integrating with password retention
- Integrating without password retention
Integrating with password retention
Using this configuration, the AirWatch server communicates with Google directly and retains the Google password in the database by default. You can manage and monitor enrolled devices through the Email Dashboard. Devices are deemed compliant or non-compliant based on the email compliance policies configured within the AirWatch Console.
Whenever a device is non-compliant, AirWatch resets the password on the Google server, preventing the user from logging in using another device. Once the device is back to compliant status, the old password is restored on the Google server and the user can regain access using the old password. By default, unmanaged devices are blocked.
Integrating without password retention
AirWatch recommends using this configuration. Using this configuration, the AirWatch server communicates with Google directly and does not store the user password in the database. You can manage and monitor enrolled devices through the Device Dashboard. Devices are deemed compliant or non-compliant based on the device compliance policies configured within the AirWatch Console.
Since the SEG server is not involved, this approach provides a way to block non-compliant devices and ensure password safety. Once a device is detected as non-compliant, AirWatch removes the email profile from the device, thus barring the user from receiving emails. Once the device is back to compliant status, AirWatch generates a new password and sends it to Google and on to the device through the email profile.