I am in the process of implementing an MDM solution in preparation for rolling out a large number of Android devices. We use a number of apps that are installed from the Google Play store and not side-loaded. As I understand it, a phone must be configured with a Google account before one can install apps from the store. On the test devices I have, I've simply signed up for a couple of Google accounts and have manually added them to the phones. However, that's not exactly ideal when I come to to do a mass roll out.
So, my question is this: how would one typically manage Google accounts in a corporate scenario with MDM? I've been investigating bits such as Google Directory Sync and Android for Work, but am unsure whether I'm barking up the right tree.
Apologies if I've fallen foul of the X/Y problem - I may even be wrong in thinking a Google account is required at all.
If it matters:
- I'm using MobileIron Cloud, so not Google's own MDM product
- The devices are Samsung and so support SAFE, Android for Work, etc
- The organisation has a Windows domain
- The devices are corporate owned and not BYOD
The eventual solution was to use Android for Work with devices in "device owner" mode. Here's a brief summary of the process:
Linking the MobileIron Cloud tenant with Google's Android for Work platform means any user accounts created within MobileIron Cloud also become accounts on Google's platform - no need for manual creation of Google Accounts.
Putting the device into "device owner" mode means (among other things), that instead of requiring you to enter a typical Google consumer account for the Play store etc, it uses the credentials you entered (the user's MobileIron account).
All works really nicely and means there's no need to create and manage separate Google accounts for each user - it's all integrated behind the scenes.