Citrix XenMobile and Google Android for Work
With the release of Citrix XenMobile 10.1 Server, organizations that use Citrix XenMobile as their EMM platform can now manage Android for Work. Users can create a dedicated work profile on Android devices, which includes operating-system-level encryption and sharing restrictions, to keep business data separate and secure while personal data remains private.
The following steps are a guide to enabling and managing Android for Work with XenMobile.
This implementation consists of several steps.
The following diagram shows the flow that we will follow for the Android for Work and XenMobile Server integration.
Requirements:
1. A working XenMobile 10.1 environment.
2. Publicly available domain.
We divide the overall flow into 5 stages.
1. Register for Google Android for Work and verify your domain ownership (enterprise domain), collect the EMM token, enable the APIs and create a service account.
2. Binding to EMM
3. XenMobile Server with Android for Work.
4. Enable SAML-based SSO with XenMobile Server as Identity Provider.
5. Work Profile on Android devices / End User Experience
Stage 1: Registering with Google Android for Work
Here you register with Google Android for Work to create an account. You need to provide your company and admin details as required by Google, link your Android for Work account with your corporate domain, and verify ownership of the domain, after which Google provides you with your EMM binding token.
1. Go to the Google Android for Work portal (https://www.google.com/work/android/) and navigate to the partner site.
2. If you use XenMobile as your EMM solution, continue with BEGIN SETUP.
3. Enter your details, business details, account details and the Google Admin security verification code, accept the terms and conditions, and create your admin account.
4. Once you create your domain admin account, you will see the following screen. Click START to verify your domain ownership.
Verify your domain ownership.
6. Follow the instructions on the screen to verify your domain ownership.
The steps to verify domain ownership are not discussed here. There are several ways to verify your domain ownership. Google recommends adding a TXT record or CNAME record to your domain's DNS settings. (Note: You can find more information on this at https://support.google.com/a/answer/6095407/)
7. Once you verify domain ownership, you will have an EMM binding token. Please save it. (This is the token ID you will use to bind with XenMobile in later steps.)
Steps to enable the API and create a service account.
8. Log in with your admin credentials at https://console.developers.google.com/ and select Create a project.
9. Under New Project, enter the project name and click Create.
10. Once the project is created, under Google APIs click "Enable and manage APIs".
11. Under Google APIs, search for EMM and select Google Play EMM API.
12. Click Enable API to enable the API.
13. Once you enable the Google Play EMM API, click Go To Credentials.
14. Now click Service account.
15. Click Create service account.
16. In the Create service account window, provide a Name, select the checkbox "Furnish a new private key" and select P12 as the key type, select the checkbox "Enable Google Apps Domain-wide Delegation", enter the "Product name for the consent screen" and click Create.
17. Once you click Create, you are asked to save the P12 file. Once the service account is created, you are shown the password for the certificate. Click Close.
18. Under Permissions, on Service accounts, open the options for your service account and click View Client ID.
19. Download the JSON file using the Download JSON link (you can save the JSON file for future reference). Make sure you note the Client ID and service account details from this step; you will use them in your Google Admin console and XenMobile Server.
20. Log in to the Google Admin Portal (https://admin.google.com) with the Google Android for Work admin credentials. After login, click Security.
21. Under Security, click Advanced Settings, and on the Advanced Settings tab click Manage API client access.
22. Under Manage API client access, in Authorized API clients, enter the client ID in the Client Name text box (as provided in step 16 above) and "https://www.googleapis.com/auth/admin.directory.user" in the One or More API Scopes text box, and click Authorize.
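An added example (not part of the original guide, and not Citrix or Google tooling): a small audit of the Authorized API clients list from step 22, checking that the service account's client ID holds only the scope named in that step. The tab-separated row format and all client IDs are constructed assumptions for illustration.

```python
# Added example: audit transcribed "Authorized API clients" rows against the
# single scope this guide authorizes. All client IDs below are constructed.
EXPECTED_SCOPE = "https://www.googleapis.com/auth/admin.directory.user"


def parse_rows(text):
    """Parse 'client_name<TAB>scope1,scope2' lines into {client: set(scopes)}."""
    clients = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, scopes = line.partition("\t")
        # Scopes are compared case-insensitively and without trailing slashes.
        clients[name.strip()] = {
            s.strip().rstrip("/").lower() for s in scopes.split(",") if s.strip()
        }
    return clients


def audit(text, emm_client_id):
    """Return sorted findings; an empty list means the grant matches the guide."""
    findings = []
    clients = parse_rows(text)
    if emm_client_id not in clients:
        findings.append(f"{emm_client_id}: not authorized (step 22 not completed)")
    for name, scopes in clients.items():
        if name != emm_client_id:
            findings.append(f"{name}: client not part of this setup, review it")
            continue
        if EXPECTED_SCOPE not in scopes:
            findings.append(f"{name}: missing {EXPECTED_SCOPE}")
        for extra in sorted(scopes - {EXPECTED_SCOPE}):
            findings.append(f"{name}: extra scope {extra}")
    return sorted(findings)


# Constructed sample: the EMM service account with one scope too many,
# plus a second client that is not part of this setup.
SAMPLE = (
    "# client name\tscopes\n"
    "100000000000000000001\thttps://www.googleapis.com/auth/admin.directory.user,"
    "https://www.googleapis.com/auth/drive\n"
    "100000000000000000999\thttps://www.googleapis.com/auth/gmail.readonly\n"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE, "100000000000000000001"):
        print(finding)
```

Because domain-wide delegation lets the service account act across the whole domain, any finding other than an empty list is worth resolving before the binding in Stage 2.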
Stage 2: Binding to EMM
Here you bind Google Android for Work with Citrix as the EMM, which allows you to manage Android for Work with Citrix XenMobile Server. To enable or disable this binding you need to contact Citrix Technical Support.
23. To bind Android for Work with Citrix as the EMM, contact Citrix Technical Support (https://www.citrix.com/contact/technical-support.html) with your binding token (which you obtained in step 7), enterprise domain name and service account details (from step 19).
Once the binding is completed, you can also confirm it in the Google Admin Portal: log in to the admin portal, go to the Security tab and open the Android for Work settings. You can see that the Google Android for Work account is bound to Citrix as the EMM.
Stage 3: XenMobile Server with Android for Work
24. Log on to the XenMobile Server console. After login, click the Settings tab. Under Settings, select Certificates.
25. Here you upload the certificate (P12) file that you downloaded from the Google Admin Portal (in step 17). Click the Import option.
26. Select Keystore as the certificate type from the Import drop-down, select PKCS#12 as the keystore type from the drop-down, select Server from the Use as drop-down, browse to the keystore file, enter the keystore password and click Import.
27. Navigate to the Settings tab; under Server, select Android for Work.
28. Enter the Android for Work domain name, domain admin account and service account ID, check Enable Android for Work and click Save.
Configure the following settings:
- Domain name: Enter your Android for Work domain name; e.g. domain.com
- Domain admin account: Type your domain administrator username; for example, the email account used for the Google Developer Portal
- Service Account ID: Type your service account ID; for example, the email of the Google service account (serviceaccountemail@xxxxxxxxx.iam.gserviceaccount.com)
- Enable Android for Work: Click to enable or disable Android for Work
Stage 4: Enable SAML-based SSO with XenMobile Server as IDP
29. Log in to XenMobile Server, navigate to the Configure tab and click Settings. Under Settings, select Certificates.
30. Select the SAML certificate of the XenMobile server from the list of certificates, export it and save it on your computer. (Note: you will upload this SAML certificate to the Google Admin portal to enable SSO in the next steps.)
31. Now log in to the Google Admin portal (https://admin.google.com) with the Google Android for Work admin credentials. After login, click Security.
32. Under Security, click Set up single sign-on (SSO), select the check box Setup SSO with third party identity provider,
and enter the following:
Sign-in page URL as https://
Sign-out page URL as https://
Change password URL as https://
Under Verification certificate, upload the public SAML certificate you downloaded from the XenMobile server (as in step 28), and then click SAVE.
Stage 5: Activation of the Work Profile and End User Experience
33. End users should download the Worx Home app from the Google Play store on their Android device and enroll the device with the XMS server.
34. After successful login, Worx Home creates the Android work profile so that the end user can access their Android for Work apps. (During the process, if your device is not encrypted, you are prompted to encrypt the device.)
Key points:
1. Make sure you use userPrincipalName for enrollment.
2. To create the work profile on the Android device, you need to have at least one Android for Work policy defined and deployed in XenMobile Server.
3. To define a policy for Android, log in to XenMobile Server, navigate to the Configure tab and select Device Policies. Click Add to create a new device policy; in the new policy, click Passcode to define the passcode policy for Android for Work and deploy it to the desired delivery group.
Credit: Thanks to Chetan ithal and the XenMobile QA team for their help with Android for Work.