Android for Work setup changes after upgrade to 8.2 FP3

Android for Work setup changes after upgrade to 8.2 FP3

With 8.2 FP3, a new setup wizard is introduced to adhere to the new Google architecture and security model for Android for Work. This document outlines what to expect as an existing or new Android for Work administrator after the upgrade.

New architecture for calling Google Play APIs:

  • AirWatch has implemented the new security model for calling Google Play APIs.
  • This requires each Android for Work administrator to create their own credentials for calling Google Play API’s and upload them into the AirWatch Admin Console.
  • Once uploaded, AirWatch will do a one-time registration of the customer specific credentials with Google for access.

Impact on new Android for Work administrators after upgrade

If an administrator is setting up Android for Work for the first time post upgrade to 8.2 FP3, there is an updated process to setting up Android for Work in the AirWatch Admin Console.

New Android for Work setup instructions can be found here.

Impact on existing Android for Work administrators after upgrade

If an environment was already setup for Android for Work before the upgrade and then upgraded to 8.2 FP3, existing and new enrollments will not be affected.

Existing Android for Work environments without Google Service Account previously configured:

  • No change to existing or new enrollments after the upgrade.
  • Will continue to use the deprecated Google architecture.

Existing Android for work environments with Google Service Account previously configured:

  • No change to existing or new enrollments after the upgrade
  • Will continue to use the deprecated Google architecture

Administrators required to modify existing Android for Work settings

Although current Android for Work enrolled devices and new devices will not be affected, it is required for administrators to update their Android for Work settings to support the new Google architecture, as explained in the first section above.

Existing Android for Work environments without Google Service Account already configured:

  • Navigate to Settings >Devices & Users >Android >Android for Work >Configure >Upload Token.
  • View your existing Google Admin Console Settings configured for the following:
    • Domain
    • Enterprise Token
    • Google Admin Email Address
  • Below that, under Google Developer Console Settings,you will need to obtain the following information:
    • Client ID
    • Google Service Account Email Address
    • Certificate Data

GoogleDeveloperConsoleSettings.png

  • Login to the Google Developer Console and create a Google Service Account to obtain this information as described under the section Creating Google Service Account on pages 11-17 in the document here.
  • When all the appropriate information from the document is uploaded into AirWatch, continue and finish with the setup. Verify that the Google Service Account has been modified correctly by using the Test Buttons.

AndroidForWork.png

Existing Android for Work environments with Google Service Account already configured:

  • Enable Play EMM API – You will need to enable the Play EMM API for your existing service account.
    • You will need to login to the Google Developer Console and view/modify your existing Google Service Account to get the Client ID to upload into AirWatch.
    • This is described under the section Creating Google Service Account on page 16 – step 8 in the document here.  
  • Enable Managed the API Client Access
    • You will need to login to the Google Admin Console to add the appropriate information.
    • This is described under the section Creating Google Service Account on page 16 – step 10 in the document here.
  • Navigate to Settings >Devices & Users >Android >Android for Work >Configure >Upload Token.
  • View your existing Google Admin Console Settings configured for the following:
    • Domain
    • Enterprise Token
    • Google Admin Email Address
  • Below that, view your existing Google Developer Console Settings from your existing setup for the following information.
    • Google Service Account Email Address
    • Certificate ID
  • Client ID - You will not see the Client ID configured which will be required to be updated.
    • You will need to login to the Google Developer Console and view/modify your existing Google Service Account to get the Client ID to upload into AirWatch.
    • This is described under the section Creating Google Service Account on page 16 in the document here.
    • Basically, from the left navigation pane go to Permissions->Service Accounts->View Client ID for your corresponding service account.
  • Continue and finish with the setup. Verify that the Google Service Account has been modified correctly by using the Test Buttons.

 TestButtons.png

Have more questions? Submit a request

0 Comments

Article is closed for comments.