Introduction
This document describes how to integrate Google Workspace-managed Android and iOS devices with Beyond Identity.
Prerequisites
Licensing Requirements
- Google Workspace SKUs and Features required:
- Frontline Standard
- Business Plus
- Enterprise (Standard and Plus)
- Education (Standard and Plus)
- G Suite Business
- Cloud Identity Premium
- Beyond Identity SKUs and Features required:
- Included with Beyond Identity Secure Workforce version 2.93 or greater
Role/Access Requirements
- Google Workspace Role/Access Requirements:
- Mobile Device Management administrator privilege.
- Mobile Device Management administrator privilege.
- Beyond Identity Role/Access Requirements:
- User with a minimum role of ‘Integrations Administrators’ for adding and configuring integrations
- User with a minimum role of ‘Policy Administrators’ for configuring policy
Supported Operating Systems
This integration supports Android and iOS managed devices.
Integrating Google Workspace MDM
Enable the integration in Beyond Identity
- In the Beyond Identity Admin console, select Integrations.
- Click the Endpoint Management tab.
- Click the download icon to the right of Google Workspace to open the following dialog.
- Enter the Google customer ID in the Customer ID field. You can locate this ID at:
https://admin.google.com/ac/accountsettings/profile - Click Save Changes. A Management ID will be created.
- On the Integrations page, click the Edit icon beside Google Workspace.
- On the Edit Workspace dialog, copy the generated value for the Management ID. You will use this ID in the next series of steps.
Set up Android apps with managed configurations
- Open the Google Admin console.
- Set up advanced mobile management for Android. For more information, see https://support.google.com/a/answer/7396025?sjid=352884471689974985-NA&visit_id=638406830667714017-2452226857&rd=1
- Add the Beyond Identity app.
-
Select Apps > Web and mobile apps.
-
Click Add app and select Search for apps.
-
Type "Beyond Identity" in the search and select the user access options.
-
Click Continue and complete the settings.
-
Click Finish. The following page is displayed.
-
- Add the Management ID from the Beyond Identity to the managed configurations. This management ID is read from the device, and if it matches the one stored in Beyond Identity, the device is considered to be managed.
- Under Managed configurations (shown in the image above), click Add managed configuration.
- On the Edit managed configuration page that displays, paste the Management ID you copied from the Beyond Identity Admin console in the Google MDM Management ID field.
- Click Save.
- Assign a managed configuration to an organizational unit or group:
- In the Google Admin console, navigate to Apps > Web and mobile apps.
- Click Beyond Identity.
- Click Settings.
- In the left nav bar under Search for organizational units > Beyond Identity, click the organization unit or group to which you want to assign a managed configuration.
- In the right pane, select the managed configuration you want to apply from the drop-down list.
- Click Save.
- Push the app to managed Android devices.
Set up iOS apps with managed configurations
These sections cover the steps in Google Workspace for adding and configuring Beyond Identity as an application.
Add Beyond Identity app
The instructions below go over adding Beyond Identity from the Google Workspace admin page.
- Log in to your Google Workspace administrator account.
- On the left-hand navigation, navigate to Apps → Web and mobile apps.
- On the Web and mobile apps page, click the Add app ⌄ dropdown.
- Click Search for apps.
-
On the Search apps screen, type
Beyond Identity
into the text field. - In the results table, click the Select button for the Beyond Identity app and iOS platform.
Configure Beyond Identity app
These steps are for configuring Beyond Identity within the Google Workspace.
- Under the User Access section, confirm All users in your organization is selected.
- Click Continue to proceed to the Settings page.
-
Under the Settings section, click the checkbox to enable Make this a managed app.
NOTE: The Remove app when the configuration profile is removed is enabled by default from the previous step. - Click Finish.
Set up managed configurations for Beyond Identity
The section below covers next steps for setting up Beyond Identity managed configurations.
Add XML configuration dictionary information
The steps in this section are for adding XML data to your Beyond Identity managed configuration.
- From Web and mobile apps → Beyond Identity page → Managed configurations section, click Add managed configuration.
-
On the Add a managed configuration page, type
Beyond Identity Managed Configuration
in the text field for the Name section. - In the Configuration section, paste the following XML configuration dictionary into the XML data field.
<dict>
<key>googleWorkspaceManagementID</key>
<string>{YOUR_INTEGRATION_ID_VALUE}</string>
</dict>
- Click Save to continue.
Select Beyond Identity for the managed configuration
This section covers the instructions for confirming Beyond Identity as a managed configuration.
- From Web and mobile apps → Beyond Identity page → Managed configurations section, click the ⌄ dropdown.
- Under the Settings page, scroll down to the Select a managed configuration section.
- Click the Select configuration dropdown.
- Select Beyond Identity Managed Configuration.
- Click Save to update the settings.
Add a policy rule for Beyond Identity integration
You can add a policy rule to determine whether Android devices are managed in Google Workspace.
- In the Beyond Identity Admin console, select Policy.
- Click Edit Policy.
- Click Add rule.
- (Optional) Enter a rule name and description.
- Beside Any Integration, click Add attribute.
- Select your device operating system in the dropdown for either Android or iOS.
- Select Google Workspace from the dropdown and then select either Managed or Not Managed for the devices.
- Click Add.
- Click Publish changes.
Comments
0 comments
Please sign in to leave a comment.