Register a company with Google
If you want to use Managed Google Play Accounts for your Android MDM, please contact our sales team. You will receive an invitation from us by email .
- Click on Signup in the invitation email (arrow in illus.).
- In the window that follows, click on Start Signup (arrow in illus.). Please note, that for security purposes, you have only 10 minutes to configure Android Enterprise.
- In the next window, click on Get started.
- You will need a Google account for the registration Simply create a new account if you don’t have one already.
- Now use your Google account to sign in. You can use this account later to choose the apps that you want to make available to your users.
- Now enter your company name and then click on Next.
- Now provide the names and contact details of the data protection officer and the EU representative in your company.
- Then click on Complete Registration.
- On completion of a successful registration for Android Enterprise with Google, you will receive an email from Cortado with all the follow up information. This email will be sent to the same address as the invitation email.
- This email contains your Enterprise ID and your Service account email (arrows in illus.).
- There is also a security certificate (.p12) attached to the email (arrow in illus.).
- You have to transfer this data later to the Cortado managementkonsole eintragen. Before that, however, you will need a Server Key and a Sender ID. These are generated by Google Firebase.
Creating server key and sender ID
- Open the following link: https://console.firebase.google.com.
- Login with your Google account.
- Then select Add project (arrow in illus.).
- Enter a project name and select your country (arrows in illus.).
- Then select Create project.
- Your new project is ready. Proceed by clicking on Continue.
- Select the Settings (left arrow in illus.) and then click on Project settings (right arrow in illus.).
- Under Cloud Messaging you can find your Server key and your Sender ID.
Transferring Google settings to the Management Console
- Open the Cortado Management Console under Control Panel→ Global Settings→ MDM→ Configure→ Android MDM.
- Make the following settings:
- Server key: Enter the appropriate Server key here.
- Sender ID: Enter the corresponding Sender ID here.
- User account type: Select the Managed Google Play Accounts.
- Enterprise ID: Here, enter your Enterprise ID, which was sent to you from Cortado via email.
- Service account e-mail address: Enter the email address of the service account here, which was sent to you from Cortado via email.
- Certificate: Upload the certificate (.p12) here, which was sent to you from Cortado via email.
- Password: Enter the password notasecret here.
- Auto enable users for Android enterprise while import: Clear this check box if the users are not to be automatically enabled for Android Enterprise during import. This is useful if, for example if only some of the users are using Android enterprise. You have the alternative option to manually enable the users for Android Enterprise under Control Panel→ Users→ Enable Android Enterprise.
In the Cortado Managementkonsole under Control Panel→ Global Settings→ MDM→ Configure→ Android MDM you can make further settings.
The checkbox Auto enable users for Android enterprise while import (lower arrow in illus.) was activated automatically. Clear this check box if the users are not to be automatically enabled for Android Enterprise during import. This is useful if, for example if only some of the users are using Android enterprise. You have the alternative option to manually enable the users for Android Enterprise under Control Panel→ Users→ Enable Android Enterprise.
Basic Integrity failure action/CTS Profile Match failure action: Specify here what ought to happen during and after configuration of the Android devices if and when they fail Google’s SafetyNet test.
While configuring a device, and then every 10 minutes thereafter, Cortado Server asks Google if any security breaches have occurred on the device. The following security irregularities are considered relevant according to Google:
If Google reports such a violation to the Cortado management console, you can specify here how it must proceed:
- Do Nothing: There is no reaction to a safety violation during the SafetyNet check. In addition, an already locked device can be unlocked again by changing the setting from Lock to Do Nothing.
- Lock: All managed apps will be blocked (see also the section Lock Android Enterprise).
- Wipe: Fully managed devices can be reset to factory default settings (full wipe). For devices that have a work profile, the work profile is deleted from the device (partial wipe).
It is generally sufficient to select the Lock option and then check the user’s device to determine what the problem is.
Locked devices can be selected under Control Panel→ Devices and unlocked with Unlock Workspace. However, the lock is repeated after 10 minutes if the cause of the lock has not been removed.
You can also put these settings in place in the Android Enterprise policies and thus determine different settings for selected users, groups, or devices. Depending on the circumstances, it may take up to 10 minutes after configuring the devices for these policies to take effect. If settings are set up in the policies, they will have a higher priority than settings made in the global settings. The latter will then be applied only to those users for whom no policies have been created and distributed.