Enroll Android as a Google Work Profile | Entgra IoT Server

Android Device Enrollment as Google Work Profile

Entgra IoT server is a Google registered EMM vendor for Work Profiles. Accordingly, it enables integration with Google that allows Entgra to manage user applications within the Work Profile using Google APIs.

Let us first go through the Work Profile concept and its applications in-depth before proceeding with Google Work Profile enrollment.

What is a Work Profile?

A work profile is a containerized space in a personal mobile device that is reserved for corporate use. Employees who bring in their devices to work would prefer to keep their personal apps and data separate from corporate apps and data. To achieve this, Android has a concept known as Work Profiles. A work profile creates a separate logical space in the device reserved for corporate apps and their data.

Google Work Profile

The Entgra IoT server enables creating a work profile within a device, with control over managing that profile but not the entire device. This allows employees to retain their privacy within the device.

A Google Work Profile is required for managing apps installed inside the work profile. With a Google work profile, you as the customer, Entgra as the EMM vendor, and Google as the application provider enter into a binding to provide app management inside the work profile.

Advantages of Google Work Profile

  • Ability to install apps into the work profile.
  • Automatically associate or create a Google account for each work profile user, which is used in the Playstore.
  • Define what apps will be available/installed for each user.
  • Install apps to the work profile based on criteria such as battery condition, device idle status and network connectivity conditions.
  • Create a private corporate app store on Google Playstore for the organization.
  • Define the layout of the Playstore on the user's device.

Auto Generated Google Account (Managed Google Play Accounts) vs Existing Google Accounts (Google Managed Accounts)

Google Work Profile enables creating new Google Accounts, or associating existing ones, for each user when separate corporate work profiles are created on the device at enrollment. This account is added to the Play store automatically and will be referred to as the Managed Google Play Account from here on. If Google accounts exist for all employees in the organization, it is possible to use the same accounts for work profile creation, and such accounts will be referred to as Google Managed Accounts from here on.

Configurations and Prerequisites for Google Work Profile

To enroll a device as a Google work profile, there are a few prerequisites based on the Google account type that you wish to use. Prior to enrollment, let us look at the necessary configurations.

Configurations and Prerequisites for Managed Google Play Accounts

Prerequisites

  • Request the Android for Work token and server details from Entgra by writing to contact@entgra.io.
    While you are waiting for the token to arrive:
  • Make sure to review the Managed Google Play Agreement, as you will have to agree to it during the process.
  • Optionally, have the name, email and phone number of the following roles ready, if your organization has them:
    • Data protection officer
    • EU Representative
  • Create or have a personal Google Account ready, which is not an account associated with G Suite or other managed domain accounts. Although this is a personal account, its credentials must be shared with your organization. Therefore, it is recommended to create a new account for this purpose.

  • Important Note
    Once the tokens are received, you only have one hour to complete the process. Therefore, please have the above ready.

If you have received tokens, let us proceed with the next steps.

  • If the server is not started, start it.
  • Log in to the Google Account in a new private browsing window.
  • In the same private browser, log in to the Device Management Console and go to PLATFORM CONFIGURATION -> Android Configurations.
  • Under the Android For Work Configurations section, fill in Server details provided by EMM vendor and Token with the values sent by Entgra, and click Begin.
  • You will be redirected to play.google.com. If you have not signed into the Google account, click Sign In to sign in.
  • Once the login process is complete, click Get Started on the screen that appears next.
  • Fill in the details regarding the Data Protection Officer and EU Representative if required by your organization. This can be left blank as well, to be filled later. Agree to the Managed Google Play Agreement by clicking Confirm.
  • On the screen that appears next, click Complete Registration.
  • Google will redirect to the EMM server and the following screen will appear to indicate the successful completion of configuration.
  • If you now go to PLATFORM CONFIGURATION -> Android Configurations, the ESA and Enterprise ID field values should be filled in. For future reference, copy both of these values and save them in a secure location.

Enroll a Device

Download and install the Entgra EMM Agent from Playstore. Enroll the device similar to how the work profile enrollment was done.

Legacy enrollment is deprecated and is designed to take control of the device and data in a BYOD setting.

Prerequisites

Steps

  • In the Device Management Portal, go to the CONFIGURATION MANAGEMENT -> PLATFORM CONFIGURATIONS -> Android Configurations section and fill in SERVER_ADDRESS with the gateway host and the polling interval (60 seconds or more).
  • Download the Entgra Agent app from Google Playstore.
  • Go to the add device section.
  • Under _Step 02 - Enroll the Android Agent_, click Enroll using QR.
  • From the dropdown, select Google_work_profile.
  • From the agent, select Continue -> Enroll with QR Code -> Scan and scan the QR code. Follow the on-screen instructions for enrolling.

Note that any assigned apps will be automatically installed.