Enroll to Managed Google Play Accounts enterprise

Learn how to enroll to Managed Google Play Accounts enterprise to manage applications on Android devices.

The work flow to enroll to managed Google Play Accounts enterprise is as follows:

A. Request for enterprise token and upload it: You need an enterprise token (the Google credentials for the master service account), to create service account credentials, and to enable required privileges which is required for enterprise-specific service account. This token has user-restricted privileges and is not a part of MDM server installation. You need to request a token from BigFix MCM Admin Configuration page and upload it to further proceed to create an enterprise service account.

B. Register for an enterprise service account and complete the process to manage Android devices.

A. Request for enterprise token and upload it

As an IT admin, to send request for enterprise token, perform the following steps:
  1. Go to the BigFix MCM Admin Configuration (for example, https://MDM-demo/config). This URL represents where you installed MDM and is separate from the WebUI. Enter the Android Server Admin user name and password that you have set for non-G-suite account during Android MDM server installation and click Login.
    Note: If you enter the wrong username/password more than five times consecutively, the site is locked and you cannot log on to BigFix MCM Admin Configuration page. The site gets unlocked after 15 minutes by default. The number of times before the site gets locked and the number of minutes after which the site gets unlocked are configurable through MCM environment variables.
    Note: You can change the look and feel of Enrollment UI and Android Server Configuration UI by changing the color, image, logo, brand name and so on. For details, see Rebranding user interfaces.

  2. From the BigFix Admin Configurations page, navigate to Manage Token and click Request Token.

    This triggers a mail to the logged in BigFix MCM Admin with the generated encoded secret and the deployment serial number.

  3. Send the email with the encoded secret and the deployment serial number to the HCL BigFix MCM Admin (bigfix_mdm_admin@hcl.com). HCL BigFix MCM Admin uses the information, generates the encrypted token file (FILE_2.enc), and mails it back to you.

  4. After you receive the encrypted token file from the HCL BigFix MCM Admin, upload it. To do that, in the BigFix MCM Admin Configuration page, navigate to Manage Token and click Upload Token. On successfully uploading the token, the success message is displayed and under Enterprise Registration, the Register button is enabled and you can register the enterprise.

Note: The enterprise token can be used just once. After an enterprise service account is created using the token, it gets destroyed.

B. Register for an enterprise service account

As an IT admin, to register your enterprise using the Android Management API, perform the following steps:
  1. Go to the BigFix MCM Admin Configuration page (for example, https://MDM-demo/config. Note this is separate from WebUI). Enter your organization email ID and password and click Login.

  2. The following screen appears, Enter the required details.

    Enterprise Registration

    Note: The Register button gets enabled only after uploading the token file received from the HCL BigFix MCM Admin .
    1. Business Name: This field is required. Enter the name of the business to be displayed. The number of characters must be less than 100.
    2. Data Protection Officer: This is optional. Enter the Name, Email, and Phone number of the person responsible for the data.
    3. EU Representative: This is optional. Enter the Name, Email, and Phone number of the person who represents the enterprise.
    4. Contact Info: This is optional. Enter the email of the person to contact in the enterprise.
      Note: After the enterprise is registered, you can modify the details of Data Protection Officer, EU Representative, and the Contact Info.
    5. Select the consent check box for Managed Google Play agreement.
    6. Click Register.

    A service account is created that is uniquely identifiable by business name and is auto-provisioned.

    After completing the registration, BigFix MCM Admin Configuration page displays the enterprise ID, Account Type, Service Account, and all the other optional information entered.

    Enterprise registered

    This process creates the Enterprise service account, service account credentials, and encrypts the credentials and saves to certificates directory. IT admins can now provision Android devices to the created enterprise account. Managed Google Play Accounts (user accounts) are automatically created when devices are provisioned.

  3. Update information: You can update the optional enterprise information such as the Data Protection Officer details, EU Representative details, and the Contact Email if required. To do that:
    1. Update the required information.
    2. Select the consent check box for Managed Google Play agreement.
    3. Click Update.