All users in your enterprise using Android for Work will need Google accounts created to connect with their devices. The format will be username@<your_enterprise_domain>.com. This screen allows you to determine which setup method you prefer for creating users. Admins have two options for creating users under Android for Work:
- Create users manually by logging into the Google Admin Console or using the Google Active Directory Sync Tool (GADS).
- Allow AirWatch to automatically create Google accounts during enrollment.
To configure these settings:
- Select Yes or No on the Create accounts during enrollment based on enrolled users' email prompt.
If yes, the next prompt will ask if you desire to use SAML to authenticate the accounts.
If no, the AirWatch Console directs you to the alternative method of creating Google accounts by the Google Active Directory Sync Tool or the Google Admin Console.
- Select Finish.
Creating Android for Work Users Automatically
AirWatch suggests that you create users for Android for Work automatically during enrollment. The Android for Work setup wizard allows you to specify if you want to automatically create user accounts during enrollment, and if so, to use SAML to authenticate the accounts. If you have not set up SAML previously, the wizard will display a link that directs you to configure your settings.
If you wish to use create users automatically:
Select Yes to Create accounts during enrollment based on users' emails.
If you select yes, you will need configure the Directory Access Credential settings in the setup wizard. Upload a Directory Access Certificate and enter a Service Account Email Address and Admin Email Address to configure these settings.
Select Yes to Use SAML endpoint to authenticate accounts.
If you have not setup SAML, the wizard will prompt you to configure SAML authentication settings.
- Select Finish to complete Android for Work setup.
Creating Android for Work Users Manually
You can manually create user accounts for your entire enterprise outside of the AirWatch Console by either using either the GADS tool or the Google Admin Console. To access the Google Admin Console , you can click the link provided in the setup wizard. You will need to contact Google for further instructions on how to use the console.
The GADS method will require you to use similar settings as the AirWatch Directory Services. Access the Directory Services settings by navigating to Groups & Settings ► All Settings ► System ► Enterprise Integration ► Directory Services .
You can access the GADS tool by clicking the link posted in the setup wizard or by downloading the tool directly to your computer from the Google Support page.
The GADS tool allows you to manually create Google accounts for every employee in your enterprise in one bulk creation. The accounts are created by synchronized with the information from your AirWatch Directory Services.
The information discussed here is up to date as of latest version of GADS v4.0.3 for April 2015.
To create users using this method, complete the following:
- Select the link from the setup wizard or download the GADS tool directly from Google.
- Open the tool from your desktop and select User Accounts and Groups to synchronize.
- Select the Google Apps Configuration tab and enter the following:
- Enter Primary Domain Name.
- Select to Replace domain names in LDAP email address (of users and groups) with this domain name . This will ensure that all user email addresses match the domain name.
- Select the Authorize Now button.
- Follow the steps to continue the authorization process when the Authorize Google Apps Directory Sync dialog displays.
- Sign-in to your Android for Work admin account.
- Enter the verification received in email.
- Select Validate to confirm these settings.
- Select the LDAP Configuration tab to enter the connection settings to sync the AirWatchDirectory Services with Google.
From here, you can enter the same settings saved in the AirWatch Directory Services to sync with this tool. To access these settings, navigate to Groups & Settings ► All Settings ► System ► Enterprise Integration ► Directory Services .
Select Test Connection. If the sync is successful, this will auto create the linked Active Directory accounts and corporate Google accounts in Google.
You will be directed back to the setup wizard to finish setup.