To begin integrating the SEG Proxy with your Google Sync, at first, you must configure the necessary settings required for SEG Proxy on the UEM console .


To configure SEG proxy:

  1. Navigate to Email > Email Settings and select Configure.The Add Email Configuration wizard displays.
  2. In the Platform tab of the wizard form:

    • Select Proxy as the Deployment model.
    • Select Classic as the Gateway Platform.
    • Select Google Apps using Password Provisioning as the Email Type.
    • Select Next.
  3. In the Deployment tab of the wizard form, configure the basic settings. Select Next.


    Settings Description
    Friendly Name Enter a friendly name for the SEG deployment. This name gets displayed on the MEM dashboard for devices managed by SEG.
    Google Apps Settings
    Google Apps Domain Enter the Google Apps domain address.
    Google Apps Sub-Domain Enter the Google Apps sub domain address.
    Google Apps admin username Enter the Google Apps Admin username. Note that in the Google Apps Admin Username field, you should enter the full email address.
    Google Apps Directory APIs Integration
    Service account certificate

    Upload the Service account certificate. Enter the certificate password when prompted. The certificate password is created while generating the client ID on the Google console.

    Directory service account email address Enter the Directory service account email address that was generated while creating the Service Account Certificate.
    Application Name

    Enter the project name that you had earlier created.

    Secure Email Gateway URL Enter the proxy server address to which the API can connect.
    Ignore SSL errors between SEG and email server Select Enable to ignore Secure Socket Layer (SSL) certificate errors between email server and the SEG server.
    Ignore SSL errors between SEG and Workspace ONE server Select Enable to ignore Secure Socket Layer (SSL) certificate errors between Workspace ONE component and the SEG server.
    Use Basic Authentication Select Enable to allow login to the proxy server with basic user credentials.
    Gateway Username and Password Enter the username and password to access the SEG server.
  4. In the Profiles tab of the wizard form, create a new profile or associate an existing profile. Select Next.

    All Google models require an EAS profile. For new installs, associating an EAS profile is mandatory. For the upgrades, the admin has to manually associate an EAS profile to the MEM configuration after completing the upgrade process.

  5. The MEM Config Summary tab of the wizard provides a quick overview of the basic configuration you have just created for the SEG deployment. Select Finish to save the settings.


Configure Advance Settings

After you have configured the SEG Proxy, you can configure the advanced settings for your Google Sync deployment.


To configure the advanced settings:

  1. Navigate to Email > Settings page and then select the With_SEG_advanced icon next to the required Google Sync deployment.
    1. By default, the Use Recommended Settings check box is enabled to capture all SEG traffic information from devices. If not enabled, you can specify what information and how frequently the SEG should log for devices.
    2. Select the Enable Real-time Compliance Sync option to enable the UEM console to remotely provision compliance policies to the SEG Proxy server.
  2. Save the settings.

You can now configure Exchange ActiveSync profiles for each end user.

A Note on Password Management

If you choose to set up Email Management with Workspace ONE for Gmail, the passwords for Workspace ONE users with an email address domain matching that of the configured Google domains change. This change is regardless of any settings that you choose (through SEG or without SEG, or with Password Retention or Password Purging). Profile assignment through smart groups does not determine the users for whom the passwords are managed. If you do not prefer password management, then configure the 'Direct Integration with Directory APIs' deployment type.

The Google Apps Directory Sync (GADS) or the Google Apps Password Sync (GAPS) does not work with the password management options. Since GADS or GAPS performs a one-way sync of syncing data from the local LDAP server to Gmail, any change made to the password on Gmail is overwritten with the data from the LDAP server. Workspace ONE recommends the direct Integration with the Directory APIs deployment type in this type of configuration.