All users in your enterprise using Android will need Google accounts created to connect with their devices. This final step in the Android EMM Registration wizard allows you to determine which setup method you prefer for creating users. Admins have two options for creating users under Android:
- Create users manually by logging into the Google Admin Console or using the Google Active Directory Sync Tool (GADS).
- Allow AirWatch to automatically create Google accounts during enrollment.
The format for the user name is username@<your_enterprise_domain>.com.
To configure these settings:
- Select Yes or No on the Create accounts during enrollment based on enrolled users' email prompt.
If yes, the next prompt will ask if you desire to use SAML to authenticate the accounts.
If no, the Workspace ONE UEM console directs you to the alternative method of creating Google accounts by the Google Active Directory Sync Tool or the Google Admin Console.
- Select Finish.
Creating Android Enrollment Users Automatically
AirWatch suggests that you create users for Android automatically during enrollment. The Android setup wizard allows you to specify if you want to automatically create user accounts during enrollment, and if so, to use SAML to authenticate the accounts. If you have not set up SAML previously, the wizard will display a link that directs you to configure your settings.
If you wish to use create users automatically:
Select Yes to Create accounts during enrollment based on users' emails.
If you select yes, you will need configure the Directory Access Credential settings in the setup wizard. Upload a Directory Access Certificate and enter a Service Account Email Address and Admin Email Address to configure these settings.
Select Yes to Use SAML endpoint to authenticate accounts.
If you have not setup SAML, the wizard will prompt you to configure SAML authentication settings.
- Select Finish to complete Android setup.
Creating Android Enrollment Users Manually
You can manually create user accounts for your entire enterprise outside of the Workspace ONE UEM console by either using either the Google Cloud Directory Sync (GCDS) tool or the Google Admin Console. To access the Google Admin Console , you can click the link provided in the setup wizard. You will need to contact Google for further instructions on how to use the console.
The GCDS method requires you to use similar settings as the AirWatch Directory Services. Access the Directory Services settings by navigating to Groups & Settings ► All Settings ► System ► Enterprise Integration ► Directory Services .
You can access the GCDS tool by clicking the link posted in the setup wizard or by downloading the tool directly to your computer from the Google Support page.
The GADS tool allows you to manually create Google accounts for every employee in your enterprise in one bulk creation. The accounts are created by synchronized with the information from your AirWatch Directory Services.
The information discussed here is up to date as of latest version of GCDS v4.4.0 for March 2017.
To create users using this method, complete the following:
- Select the link from the setup wizard or download the GADS tool directly from Google.
- Open the tool from your desktop and select User Accounts and Groups to synchronize.
- Select the Google Apps Configuration tab and enter the following:
- Enter Primary Domain Name.
- Select to Replace domain names in LDAP email address (of users and groups) with this domain name . This will ensure that all user email addresses match the domain name.
- Select the Authorize Now button.
- Follow the steps to continue the authorization process when the Authorize Google Apps Directory Sync dialog displays.
- Sign-in to your Android admin account.
- Enter the verification received in email.
- Select Validate to confirm these settings.
- Select the LDAP Configuration tab to enter the connection settings to sync the AirWatch Directory Services with Google.
From here, you can enter the same settings saved in the AirWatch Directory Services to sync with this tool. To access these settings, navigate to Groups & Settings ► All Settings ► System ► Enterprise Integration ► Directory Services .
Select Test Connection. If the sync is successful, this will auto create the linked Active Directory accounts and corporate Google accounts in Google.
You will be directed back to the setup wizard to finish setup.