Cortado Server – Manual

Using Managed Google Play Accounts

56 views January 21, 2019 December 19, 2019 0

Register a company with Google

If you want to use Managed Google Play Accounts for your Android MDM, please contact our sales team. You will receive an invitation from us by email .

  • Click on Signup in the invitation email (arrow in illus.).
invitation to Android Enterprise (email)

invitation to Android Enterprise (email)

  • In the window that follows, click on Start Signup (arrow in illus.). Please note, that for security purposes, you have only 10 minutes to configure Android Enterprise.
click Start Signup

click Start Signup

  •    In the next window, click on Get started.
click on Get started button

click on Get started button

  • You will need a Google account for the registration Simply create a new account if you don’t have one already.
  • Now use your Google account to sign in. You can use this account later to choose the apps that you want to make available to your users.
enter your Google password

enter your Google password

  • Now enter your company name and then click on Next.
enter the name of the organisation and confirm

enter the name of the organisation and confirm

  •  Now provide the names and contact details of the data protection officer and the EU representative in your company.
enter contact details

enter contact details

  • Then click on Complete Registration.
complete registration

complete registration

  • On completion of a successful registration for Android Enterprise with Google, you will receive an email from Cortado with all the follow up information. This email will be sent to the same address as the invitation email.
  • This email contains your Enterprise ID and your Service account email (arrows in illus.).

confirmation email from

confirmation email from

  • There is also a security certificate (.p12) attached to the email (arrow in illus.).
 Security certificate in the attachment of the confirmation mail

Security certificate in the attachment of the confirmation mail

    • You have to transfer this data later to the Cortado managementkonsole eintragen. Before that, however, you will need a Server Key and a Sender ID. These are generated by Google Firebase.

Creating server key and sender ID

 add a new project

add a new project

  • Enter a project name and select your country (arrows in illus.).
  • Then select Create project.
enter project name and country

enter project name and country

  • Your new project is ready. Proceed by clicking on Continue.
click on Continue

click on Continue

  • Select the Settings (left arrow in illus.) and then click on Project settings (right arrow in illus.).
open Project settings

open Project settings

  • Under Cloud Messaging you can find your Server key and your Sender ID.

Transferring Google settings to the Management Console

  • Open the Cortado Management Console under Control Panel→ Glo­bal Settings→ MDM→ Configure→ Android MDM.
  • Make the following settings:
Configure Managed Google Play Accounts

Configure Managed Google Play Accounts

  • Server key: Enter the appropriate Server key here.
  • Sender ID: Enter the corresponding Sender ID here.
  • User account type: Select the Managed Google Play Accounts.
  • Enterprise ID: Here, enter your Enterprise ID, which was sent to you from Cor­tado via email.
  • Service account e-mail address: Enter the email address of the service account here, which was sent to you from Cor­tado via email.
  • Certificate: Upload the certificate (.p12) here, which was sent to you from Cor­tado via email.
  • Password: Enter the password notasecret here.
  • Auto enable users for Android enterprise while import: Clear this check box if the users are not to be automatically enabled for Android Enterprise during import. This is useful if, for example if only some of the users are using Android enterprise. You have the alternative option to manually enable the users for Android Enterprise under Control Panel→ Users→ Enable Android Enterprise.

Additional settings

In the Cortado Managementkonsole under Control Panel→ Glo­bal Settings→ MDM→ Configure→ Android MDM you can make further settings.

The checkbox Auto enable users for Android enterprise while import (lower arrow in illus.) was activated automatically. Clear this check box if the users are not to be automatically enabled for Android Enterprise during import. This is useful if, for example if only some of the users are using Android enterprise. You have the alternative option to manually enable the users for Android Enterprise under Control Panel→ Users→ Enable Android Enterprise.

make further settings

Basic Integrity failure action/CTS Profile Match failure action: Specify here what ought to happen during and after configuration of the Android devices if and when they fail Google’s SafetyNet test.

While configuring a device, and then every 10 minutes thereafter, Cortado Server asks Google if any security breaches have occurred on the device. The following security irregularities are considered relevant according to Google:

Quelle: https://developer.android.com/training/safetynet/attestation#possible-results

Source: https://developer.android.com/training/safetynet/attestation#possible-results

If Google reports such a violation to the Cortado management console, you can specify here how it must proceed:

  • Do Nothing: There is no reaction to a safety violation during the SafetyNet check. In addition, an already locked device can be unlocked again by changing the setting from Lock to Do Nothing.
  • Lock: All managed apps will be blocked (see also the section Lock Android Enterprise).
  • Wipe: Fully managed devices can be reset to factory default settings (full wipe). For devices that have a work profile, the work profile is deleted from the device (partial wipe).

It is generally sufficient to select the Lock option and then check the user’s device to determine what the problem is.

Locked devices can be selected under Control Panel→ Devices and unlocked with Unlock Workspace. However, the lock is repeated after 10 minutes if the cause of the lock has not been removed.

You can also put these settings in place in the Android Enterprise policies and thus determine different settings for selected users, groups, or devices. Depending on the circumstances, it may take up to 10 minutes after configuring the devices for these policies to take effect. If settings are set up in the policies, they will have a higher priority than settings made in the global settings. The latter will then be applied only to those users for whom no policies have been created and distributed.

Was this helpful?