While configuring your Gmail deployment using the Password Management approach, you can choose if you want to retain or not retain the Google password in the AirWatch database.

The non-compliant devices are blocked depending on whether you chose to retain or not retain the password. The devices are blocked either by resetting the password on the Google server or by removing the email profile from the device.

Note:

Irrespective of the type of email client, for password provisioning to occur, all the Gmail models require an EAS profile. For new installs, associating an EAS profile is mandatory. For the upgrades, the admin has to manually associate an EAS profile to the MEM configuration after completing the upgrade process.

To configure deployment on the AirWatch Console:

  1. From the AirWatch Console main menu, navigate to Email > Email Settings, and then select Configure.
  2. In the Platform wizard form:
    • Select Direct as the Deployment Model.
    • Select Google Apps using Password Provisioning as the Email Type.
    • Select With Password Retention or Without Password Retention as the Google Deployment Type. Select Next.
  3. In the Deployment wizard form

    Setting Description
    Friendly Name Enter a friendly name for the Gmail deployment.
    Google Apps Settings
    Google Apps Domain Enter the registered Google Apps domain address.
    Google Apps Sub-Domain Enter the Google Apps sub domain address, if applicable.
    Authentication
    Google Apps Admin Username Enter the full email address in the Google Apps Admin Username field.
    Google Apps Directory APIs Integration
    Service account certificate (*.p12) Upload the Service account certificate. Enter the certificate password when prompted. The certificate password is created while generating the Service Account client ID on the Google console.
    Directory service account email address Enter the Service Account email address that was generated while creating the Service Account Certificate.
    Application Name Enter the project name that you had created earlier.

  4. Select Next.
  5. In the Profiles wizard form, create a new profile or associate an existing profile. Select Next.

  6. The MEM Config Summary form provides a quick overview of the basic configuration you have just created for the Gmail deployment. Save the settings.

Configure Advanced Settings

After configuring your Gmail deployment, configure the advanced settings for the deployment. These settings vary depending on whether you have chosen to retain your password or not.

With Password Retention

If you have chosen to retain the password, then you can configure the settings to set up the preferred password length.

Note:

AirWatch does not provision passwords for newly enrolled devices or make any change to the password for the devices that change status while the email compliance policies are disabled.

To configure the advanced setting for this configuration:

  1. Navigate to Email > Settings page and then select the With_SEG_advanced icon.
  2. By default, the Use Recommended Settings check box is enabled. Disable this check box to enter the preferred length of the password in the Google Random Password Length field. Minimum accepted character is 8 and maximum is 100.
  3. Select Save.

 

Without Password Retention

If you have chosen not to retain the password in the AirWatch database, then disable the settings which by default encrypts and stores the Google password in the AirWatch database.

The Email Compliance policies are not applicable for this type of integration. By default, unmanaged devices are blocked.

Note:

AirWatch provisions passwords to devices during enrollment regardless of the MEM settings. The MDM compliance policies determines this approach.

 

To configure the advanced setting for this configuration:

  1. Navigate to Email > Settings page and then select the With_SEG_advanced icon.
  2. Disable the Use Recommended Settings check box to configure the Google Apps Settings options. By default, this option is enabled to encrypt and to store the Google password in the AirWatch database.
  3. Note that if a user has two devices enrolled and when one of the devices unenrolls, then the Google password resets and new generated password is pushed to the device that is enrolled.

    Once you disable the Use Recommended Settings check box, you can configure the following options:

    Setting Description
    Google Random Password Length Enter the preferred random password length. Minimum accepted character is 8 and maximum is 100
    Password Retention Period Enter the number of hours the password should be retained temporarily for management purposes. The retention ensures that all the enrolled devices belonging to a user receives the password. The default value is 48. The minimum accepted character is 1 and maximum is 100.
    Auto-rotate Google Password Select this check box to reset the password once within the specific period. The Scheduler runs to check if any user's password need to be reset within the specified period. The minimum accepted character is 1 and maximum is 90.
    Auto-rotate Google Password Period

    Enter the specific period to reset the Google password. The default period is 30 days.

    GmailApps_PW_Mgmt_8_3

  4. Select Save.
  5. Note:

    Irrespective of the type of email client, all the Google models require an EAS profile. For new installs, associating an EAS profile is mandatory. For the upgrades, the admin has to manually associate an EAS profile to the MEM configuration after completing the upgrade process.