Trouble with Android Enterprise - Google Account Enrollment with a Bound Domain without LDAP.

Kenneth
Brooklyn Academy of Music

Hi,

My setup is MobiControlCloud 1.4.1.5.1284; SOTI upgraded it today.

Tablet is a Samsung Tab A 10.1 with a pen (2016) model # SM-P580

Running Android v7.0

Google Domain is bound to MobiControlCloud and I see it on both sides as being connected.

Setup COBO (Company Owned, Business Only)

I would like to enroll a company-owned tablet in Android Enterprise with afw#mobicontrol and Device Reset, to push to the tablet a single-user Managed Google Account that is bound to the company's domain, so that the user cannot add another personal account.

I used both device enrollment rule setups.

I can use a Managed Google Play Account that only pushes the apps, and if I disable the Google Account Creation from feature control then the user can't add any account to it, and if I enable it then I can add anything.

The Managed Google Account with the bound domain can add anything to it as well within the tablet like above but without apps being pushed.  Also, with a loophole that I found by backing out of the sign-in screen I can add any Google Account.

I would like to restrict it in a way that I can only push the user's Managed Google Account to a specific tablet.

Basically I want to push the accounts so they may use the Google Apps like Google Drive, Docs, Sheets, and Slides.

The problem is I don't have a local LDAP server that is broadcasting the AD to the internet, and I was wondering if there is any other way to manage this via Azure AD or an IdP from a Google SAML app, or anything?

I'm missing that feature because of LDAP so I don't find a way to assign the Google Accounts to a tablet in MobiControlCloud Security.

Any help is much appreciated.  Thanks.

-Kenneth

Edited 7 years ago
Android
ANSWERS
Raymond Chan
7 years ago

Please clarify your case:

- Is your Managed Google account bound to S######.mobicontrolcloud.com or to your company domain (e.g. abc.com)?

- Have you done any EMM configuration on Google's portal for your Managed Google account?

- Do you intend to use Google Drive & office suite apps with a user name associated with xyz@abc.com?

- Is each of your devices shared by multiple colleagues, or dedicated for use by one colleague?

- Do you need device end-user to sign in with AD credential on device-power-reboot and on app initiation?

Kenneth
7 years ago

Hi Raymond,

- In the MobiControlCloud I bind it with our company domain using the tokens.

- I'm confused with the EMM in Google part because it says

Manage EMM provider

Your currently selected enterprise mobility management provider is:

SOTI

But then it has an On switch for the Google mobile management, and I'm thinking it will enable for all users and conflict with SOTI.

So no, I haven't done any EMM configuration at Google side.

- I'm planning to do Google Drive with our e-mail domain with the Google Apps like Docs, Sheets, and Slides, and it would be nice to integrate the Microsoft Office stuff but it is not a necessity if that's what you're talking about when you mentioned office suite.

- The tablet will be for a single user, no sharing.

- AD credentials would be nice, and I believe close to a necessity.  But right now I'm thinking just giving them Google Accounts is fine; it would be great if they log in as their AD account to the tablet if it is possible.

Thanks

-Kenneth

 
Raymond Chan
7 years ago

Based on your reply, it seems that your MGA has been properly configured and Android Enterprise devices can be enrolled and managed.  So, if you don't have any local LDAP server, just integrate Azure in LDAP Connections Manager and see if there is any problem.

Online documentation can be found at

  https://www.soti.net/mc/help/v14.1/en/console/gsrindex.html?gsrid=system/ldap/ldap.html

or

  https://www.soti.net/mc/help/v13/en/default.htm#cshid=LdapConnections_all