Use Android with G Suite or Cloud Identity

All editions of G Suite and Cloud Identity include security and management capabilities for Android as part of Google endpoint management. Alternatively, you can use a third-party enterprise mobility management (EMM) provider.

Use Google endpoint management

When you set up Google endpoint management, you can choose basic or advanced management. You can also customize management for different device platforms.

  • Use basic management if you want to secure devices with a screen lock or passcode, remotely wipe corporate accounts from devices, and manage Android apps.
  • Use advanced management for more control over device policies and passwords, to keep work and personal apps separate, and for the ability to wipe all data from devices.

Compare mobile management features.

To use Google endpoint management as your EMM provider:

  1. Set up basic mobile device management or advanced mobile device management.
  2. Source devices.

Use a third-party Android EMM provider

Instead of Google endpoint management, you can use a third-party Android EMM provider with your G Suite or Cloud Identity account. Third-party EMM providers support the same features as advanced Google endpoint management

To allow a third-party EMM provider to manage Android devices in your organization, you share an EMM token (a string of characters) with them. After you select a provider, contact them to find out how to share your EMM token. You can then enable the provider for selected organizational units.

Note: Immediately after you add an EMM provider, you can’t manage Android apps for any organizational unit in the Admin console. If you previously used Google endpoint management to manage apps, those apps are unmanaged until you enable the provider for organizational units. However, you can still use Google endpoint management to manage device security for any organizational units that you don’t enable the EMM provider for.

Step 1: Select a third-party EMM provider

Use the Enterprise Solutions Directory to find a third-party EMM provider for your organization. Android Enterprise Recommended providers meet an advanced set of enterprise requirements.

Step 2: Bind a third-party EMM provider

Before you begin: If you used Google endpoint management as your EMM, set mobile device management for the organizational units you want to manage with the Android EMM to Basic. Learn how 

  1. Sign in to your Google Admin console.

    Sign in using an account with super administrator privileges (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. Click Third-party integrationsand thenAndroid EMM.
  4. Click Manage EMM providers.
  5. If a token is present in the token generator, copy the token. Otherwise, click Generate Token to create a new token and copy it.
  6. Go to the EMM provider’s website and share the token. Your EMM provider should provide the remaining setup instructions.
  7. After the provider has your token, the provider is listed in the table.

  8. Close the Manage EMM providers dialog to return to the settings page.

The EMM provider is now listed on the Android EMM setting card. To enable the provider for your users, go on to the next step.

Step 3: Enable the EMM provider

Before you begin: To apply the setting for certain users, put their accounts in an organizational unit.

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Devices.
  3. Click Third-party integrationsand thenAndroid EMM.
  4. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit.
  5. Check the Enable third-party Android mobile management box.
  6. Click Save. If you configured a child organizational unit, you might be able to Inherit or Override a parent organizational unit's settings.
 

Next: Step 2. Source devices

Was this helpful?
How can we improve it?