Managed Google domains allow customers to use multiple Google products in their organization. The Google Admin console allows IT admins to manage these products.
Some products such as Google Workspace and Cloud Identity include security and management capabilities for Android as part of Google endpoint management. Alternatively, you can use a third-party enterprise mobility management (EMM) provider.
Use Google endpoint management
Note: Google endpoint management is included in most editions of Google Workspace and Cloud Identity. If your managed Google domain does not include this feature, you may need to upgrade your plan.
When you set up Google endpoint management, you can choose basic or advanced management. You can also customize management for different device platforms.
- Use basic management if you want to secure devices with a screen lock or passcode, remotely wipe corporate accounts from devices, and manage Android apps.
- Use advanced management for more control over device policies and passwords, to keep work and personal apps separate, and for the ability to wipe all data from devices.
Compare mobile management features.
To use Google endpoint management as your EMM provider:
Use a third-party Android EMM provider
Instead of Google endpoint management, you can use a third-party Android EMM provider with your managed Google domain. Third-party EMM providers support the similar features to advanced Google endpoint management.
Multiple EMM providers can now be bound to a single managed Google domain. This enables different EMM providers to manage distinct sets of users. Each provider can be configured with different settings, and used to manage devices of different user organizational units (OUs) by enabling the desired EMM provider for that organizational unit.
Step 1: Select a third-party EMM provider
Use the Enterprise Solutions Directory to find a third-party EMM provider for your organization. Android Enterprise Recommended providers meet an advanced set of enterprise requirements.
From 2024, all new Android Enterprise customers will be provided with a managed Google domain when enabling Android management through their chosen EMM provider.
After completing the Android Enterprise registration process, your chosen EMM provided will be automatically bound to their managed Google domain - step 2 below can be skipped.
Step 2: Bind a third-party EMM provider
Use the Enterprise Solutions Directory to find a third-party EMM provider for your organization. Android Enterprise Recommended providers meet an advanced set of enterprise requirements.
From 2024, all new Android Enterprise customers will be provided with a managed Google domain when enabling Android management through their chosen EMM provider. After completing the Android Enterprise registration process, your chosen EMM provided will be automatically bound to their managed Google domain - step 2 below can be skipped.
If your organization has an existing managed Google domain, you can allow a third-party EMM provider to manage Android devices in your organization. After you select a third-party EMM provider, follow their instructions to enable Android Enterprise management and bind to your existing managed Google domain. You can then enable the EMM provider for selected organizational units using the Google admin console.
Before you begin: If you used Google endpoint management as your EMM, set mobile device management for the organizational units you want to manage with the third-party EMM to “Basic”. Learn how
After you add a third-party EMM provider:
- You can’t manage Android apps for any organizational unit through the Admin console.
- Note: If you previously used Google endpoint management to manage apps, those apps are unmanaged until you enable the provider for organizational units.
- You can still use basic mobile management in Google endpoint management to manage device security for any organizational units that you don’t enable the EMM provider for.
- Note: Organizational units will not support advanced Google endpoint management once a third-party EMM has been added.
-
Sign in to your Google Admin console.
Sign in using an account with super administrator privileges (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesMobile & endpointsSettingsThird-party integrations.
-
Click Android EMMManage EMM providers.
-
If a token is present in the token generator, copy the token. Otherwise, click Generate Token to create a new token and copy it.
- Go to the EMM provider’s website and share the token. Your EMM provider should provide the remaining setup instructions.
-
After the provider has your token, the provider is listed in the table.
-
Close the Manage EMM providers dialog to return to the settings page.
Step 3: Enable the EMM provider
Before you begin: If you need to set up a department or team for this setting, go to Add an organizational unit.
-
Sign in to your Google Admin console.
Sign in using your administrator account (does not end in @gmail.com).
-
In the Admin console, go to Menu DevicesMobile & endpointsSettingsThird-party integrations.
-
Click Android EMM.
-
(Optional) To apply the setting to a department or team, at the side, select an organizational unit. Show me how
-
Check the Enable third-party Android mobile management box.
-
Click Save. Or, you might click Override for an organizational unit.
To later restore the inherited value, click Inherit.
Step 4: Enable Authenticate Using Google
- In the Admin console, go to Menu Devices Mobile & endpoints Settings Third-party integrations, then click Android EMM.
- Click Manage EMM Providers.
- Toggle Authenticate Using Google to ON for your EMM provider.
Note: This option will be unavailable if your EMM provider doesn't support this feature.