How to Integrate Google Workspace with MaaS360 for Device Management
In today's digital landscape, efficient and secure management of business tools is vital for any organization. Google Workspace (formerly known as G Suite) offers a powerful suite of cloud-based productivity and collaboration tools designed to streamline workflows and enhance communication. By integrating Google Workspace with MaaS360, organizations can leverage advanced device management capabilities, ensuring seamless user management, robust security, and comprehensive control over enterprise devices.
This comprehensive guide will walk you through setting up Google Workspace, integrating MaaS360 with a Google Workspace Account, configuring UserSync for streamlined user management, and enrolling devices for enhanced security and compliance.
1. Setting Up Google Workspace
- Sign Up for Google Workspace
To start, you'll need a valid Google Workspace account. You can create one by visiting the Google Workspace website and selecting the plan that suits your organization. During the signup process, you'll provide your business information and select a domain name. If you don't have a domain, you can purchase one directly from Google and activate your required services.
Add your organization's users by navigating to the "Users" section in the Admin Console. Click "Add new user" and input their details, such as name and email address. You can set up temporary passwords that users will change upon first login.
2. Integrating MaaS360 with a Google Workspace Account
This guide will walk you through the steps to set up Android Enterprise integration with MaaS360 using a Google Workspace account (previously known as Google Workspace for business).
Before integrating your Google Workspace account with Android Enterprise, make sure you have:
1. Google Workspace Account:
2. EMM Token:
- You’ll need to generate an Enterprise Mobility Management (EMM) token within your Google Admin console.
Follow these steps to generate an EMM token in your Google Admin account:
1. Sign in to Google Admin Console:
2. Navigate to Third-Party Integrations:
- In the Google Admin console, click on Devices in the left navigation pane.
- Navigate to Mobile & endpoints > Settings > Third-party integrations.
3. Add an EMM Provider:
- In the Third-party integrations section, click Android EMM > Add EMM Provider.
4. Generate the EMM Token:
- On the Manage EMM provider page, click Generate Token.
- Important: Keep this token handy; you’ll need it to bind your MaaS360 account with your Google Workspace account.
- Binding Your Google Workspace Account with MaaS360
Once you have the EMM token, follow these steps to connect your Google Workspace account with MaaS360:
1. Access the MaaS360 Portal:
- From the MaaS360 Portal Home page, navigate to Setup > Services.
2. Enable Android Enterprise:
- On the Services page, expand the Mobile Device Management section.
- Select Enable Android Enterprise.
3. Select Google Workspace Account:
- Choose a Google Workspace account as the option for integration.
4. Enter Domain Name and EMM Token:
- Enter your Google Workspace domain name.
- Paste the EMM token you generated in the Google Admin console.
5. Connect Accounts:
- Click Connect and authenticate.
- Your MaaS360 account will now be connected to your Google Workspace account.
- In the MaaS360 Portal, you’ll see a Connected status with a green check mark on the Services page.
- Your Google Admin console will also update with the new third-party EMM provider information.
By following these steps, you will have successfully integrated your Google Workspace with MaaS360, ensuring effective mobile device management for your organization.
3. Synchronize Users with MaaS360
This will provide detailed instructions on synchronizing users with MaaS360 and Google Workspace. This integration allows visibility into devices configured with Google Workspace accounts as an enterprise mail resource and enables access control rules.
Preparation
Before beginning the integration process, ensure you have:
- Administrator Access: You need administrator access to both the MaaS360 and Google Admin consoles.
Step 1: Enable Android Enterprise in MaaS360
- Log in to the MaaS360 Portal:
- From the Home page, navigate to Setup > Services.
- Enable Android Enterprise:
- Under the Mobile Device Management section, select Enable Android Enterprise.
- For detailed instructions on enabling Android Enterprise, refer to the guide on Integrating with a Google Workspace account.
Step 2: Enable API Access in Google Admin Console
- Open Google Admin Console:
- Access Security Settings:
- On the dashboard, click More Controls > Security.
- Enable API Access:
- On the Security page, click API reference and select the Enable API access checkbox.
Step 3: Connect Google Directory to MaaS360
- Initiate Directory Synchronization:
- In the MaaS360 Admin console, under Services > Mobile Device Management > Enable Android Enterprise > click Connect to Google Directory to synchronize users with the MaaS360 portal.
- Access Google Cloud Platform:
Step 4: Create a New Project on the Google Cloud Platform
- Start a New Project:
- From the Dashboard, click Enable APIS and Services > MaaS360 from the drop-down list.
- Click NEW PROJECT.
- Configure Project Details:
- Enter the project name as "MaaS360".
- Click Edit under the project name and enter "MaaS360-Corporate ID" as the Project ID.
- Click CREATE.
Step 5: Enable the Admin SDK
-
- From the Dashboard, click Enable APIS and Services.
- In the API Library, search for Admin SDK, open it, and click Enable.
Step 6: Configure the OAuth Consent Screen
- Configure Consent Screen:
- Go to the Credentials section on the sidebar.
- Click Configure Consent Screen, select External, and click CREATE.
- Enter Basic Information:
- Enter an email address and a product name, then click Save and Continue.
Step 7: Create OAuth Client ID
- Create Client ID:
- Select Create Credentials > OAuth client ID.
- On the Create client ID page, select Application Type > Web Application.
- Enter URLs for MaaS360:
- Enter the URL you use to access your MaaS360 instance.
- Note: To find the correct URL, go to MaaS360 Portal Home page > Setup > Services > Mobile Device Management > Enable Android Enterprise > click Connect to Google Directory. The URLs are listed in Step 6.
- Enter Authorized JavaScript Origins and Redirect URIs:
- For Authorized JavaScript Origins, enter the URL of your MaaS360 instance (e.g., https://portal.fiberlink.com).
- For Authorized Redirect URIs, enter the callback URL (e.g., https://portal.fiberlink.com/cloud-integration-portal/googleAuthCallBack/response).
- Create the OAuth Client ID:
- Click Create.
- Important: Write down the Client ID and the Client Secret for future reference.
- Download JSON File:
- From the Credentials page, download the JSON file for the MaaS360 client you created.
Step 8: Configure Google Credentials in MaaS360
- Enter Administrative Details:
- In the MaaS360 portal, enter the email address of the administrator who created the API.
- Upload JSON File:
- Upload the JSON file downloaded from the Google Cloud Platform.
- Set Up Notifications:
- Enter an email address to receive failure notifications.
- Finalize the Configuration:
- Click Upload.
- The configuration page will display a success message.
- Authorize MaaS360:
- Click Authorize Now to authorize MaaS360 to access data from the Google Directory.
- Allow Access:
- Select an email account to log in to MaaS360 and click Allow.
By following these steps, you’ll successfully integrate Google Workspace with MaaS360, allowing for enhanced device management and security within your organization.
4. Enrolling Devices for Management
Enrolling devices allows you to manage and secure them through the Google Admin Console, applying policies and deploying apps across your organization.
Enroll the device in MaaS360
- Create an enrolment request with the user created in that domain in the MaaS360 console.
- Enroll the Android device using the credentials.
2. Define and Apply Policies
Create policies to secure your devices. These may include:
- Password complexity and length requirements.
- Device encryption mandates.
- Restrictions on certain apps.
- Remote wipe capabilities.
Apply these policies to different devices or groups to ensure compliance and security across all devices.
3. Monitor and Manage Devices
Use the MaaS360 Admin Console to monitor the status of enrolled devices. You can manage device settings, enforce policies, and perform actions like remote wipes if devices are lost or stolen. Regular monitoring helps maintain security and compliance.
Conclusion
Integrating Google Workspace with MaaS360 enhances device management and security. By following this guide, you can efficiently manage users and devices, leveraging the capabilities of both platforms.