For many Android devices (v5.0 and later), you can set up a certificate-based MDM . A list of all supported devices can be found under this link.
Before you can take advantage of its features, a few operations need to be carried out. You must first decide whether you want to use Google Accounts or Managed Google Play Accounts. We recommend the latter, as they can be configured far more quickly and easily. Managed Google Play Accounts allow you to quickly manage your users’ devices and their apps.
Note! However, if G Suite3 (from Google Cloud) is used in your company, meaning that each user has a Google account (with corporate domain), you have the option to use Google Accounts. How to set up Android Enterprise for Google Accounts is shown here.
Depending on whether you use Cortado MDM or Cortado Server, some of the setup steps are slightly different.
- First step to register with Google when using Cortado MDM (1.1) or Cortado Server (1.2)
- Continuing Google registration with Cortado MDM and Cortado Server
- Create Google Firebase project
- Transfer Google settings to the management console
1.1 First step to register with Google when using Cortado MDM
- If you want to use the Managed Google Play Accounts for your Android MDM, select in the management console Control Panel→ Global Settings→ MDM→ Enroll Android Enterprise.
- You will now be redirected to the Google Play registration page.
- Proceed as described below.
1.2 First step to register with Google when using Cortado Server
If you want to use Managed Google Play Accounts for your Android MDM, please contact our sales team. You will receive an invitation from us by email .
- Click on Signup in the invitation email (arrow in illus.).
- In the window that follows, click on Start Signup (arrow in illus.). Please note, that for security purposes, you have only 10 minutes to configure Android Enterprise.
- You will now be redirected to the Google Playregistration page.
2. Continuing Google registration with Cortado MDM and Cortado Server
- In the next window, click on Get started.
- You will need a Google account for the registration simply create a new account if you don’t have one already.
- Now use your Google account to sign in.
- Now enter your company name and then click on Next.
- Now provide the names and contact details of the data protection officer and the EU representative in your company.
- Then click on Complete Registration.
The registration is now complete.
Note for Cortado MDM! Users of Cortado MDM now create a Goolge Firebase project (see below).
Note for Cortado Server! On completion of a successful registration for Android Enterprise with Google, you will receive an email from Cortado with all the follow up information. This email will be sent to the same address as the invitation email. This email contains your Enterprise ID and your Service account email(arrows in illus.). You need the Unenroll secret to unregister your company from Android Enterprise.
There is also a security certificate (.p12) attached to the email (arrow in illus.).
You have to transfer this data later to the Cortado managementkonsole eintragen. Before that, create a Goolge Firebase project.
3. Create a Google Firebase project
Note for Cortado MDM! Creating a Google Firebase project is an option. Google Firebase Cloud Messaging (FCM) can be used to immediately push policies and profiles to the users’ devices. If FCM is not used, the user devices can be synchronised at intervals determined by you (Automatic Intervall Sync).
- Create a Google Firebase project with the appropriate Google server key and sender ID.
- To do so, open the following link: https://console.firebase.google.com.
- Login with your Google account.
- Then select Add project (arrow in illus.).
- Enter a project name and select your country (arrows in illus.).
- Then select Create project.
- Your new project is ready. Proceed by clicking on Continue.
- Select the Settings (left arrow in illus.) and then click on Project settings (right arrow in illus.).
- Under Cloud Messaging you can find your Server key and your Sender ID.
4. Transfer Google settings to the management console
- If you are using Google Firebase Cloud Messaging (FCM), copy the server key and the sender ID into the management console under Server key und Sender ID (upper arrow in illus.).
- As an alternative to FCM, you can define an interval under Automatic Interval Sync (AIS) at which the users’ devices will be regularly synchronised. Policies and profiles will then be pushed to the devices at the specified interval.
Note! Use either Google Firebase Cloud Messaging or Automatic Interval Sync.
Note! The Automatic Interval Sync (AIS) option is not yet available for Cortado Server. Cortado Server users can continue using FCM and enter the Server key and Sender ID in the management console.
Note for Cortado Server! Now enter all the data you received by e-mail from Cortado under Android Enterprise (lower arrow in the illus.):
- User account type: Select the Managed Google Play Accounts.
- Enterprise ID: Enter your Enterprise ID.
- Service account e-mail address: Enter the email address of the service account here.
- Certificate: Upload the certificate (.p12) here, which was sent to you via email.
- Password: Enter the password notasecret here.
Note for Cortado MDM! All data required for the Managed Google Play account has been automatically stored. under Android Enterprise (lower arrow in illus.).
The checkbox Auto enable users for Android enterprise while import (lower arrow in illus.) was activated automatically. Clear this check box if the users are not to be automatically enabled for Android Enterprise during import. This is useful if, for example if only some of the users are using Android enterprise. You have the alternative option to manually enable the users for Android Enterprise under Control Panel→ Users→ Enable Android Enterprise.
Learn how to configure SafetyNet settings for Google here.