Enrolling Android devices

With KACE Cloud, you can manage your organization's Android devices, ensure they are secure and compliant with your policies, and prevent their data from being exposed to unauthorized users. This topic provides specific instructions that allow you to enroll your Android devices.

KACE Cloud uses an agent to interact with managed Android devices. There are two types of agents that you can use, each requiring a specific enrollment path:

  • AMAPI enrollments use a Google Android agent that interacts with KACE Cloud through the Android Management API (AMAPI). This path requires a valid AMAPI configuration in Google Console and some additional setup steps in KACE Cloud.
  • EMM enrollments use a KACE Cloud Android agent that interacts with KACE Cloud through the KACE Cloud app, which must be installed on managed Android devices.

You can choose one or both enrollment paths, as needed.

After completing the steps associated with the desired enrollment path, you have the option to integrate with other enrollment providers and configurations, as required, such as Samsung Knox device enrollment or integration with the KACE Systems Management Appliance.

The following procedure summarizes the steps for enrolling your Android devices:

  1. Create a Google account.

    You must create the following accounts with Google:

    • An account for Google Play services, such as the Play Store, and for enrolling devices using the traditional Enterprise Mobility Management (EMM) Device Policy Controller (DPC) Android agent, also known as KACE Agent.
    • An account to use with the Google Android Management API (AMAPI). This account is necessary to use the newer Google-provided Android agent.

    See this topic for more details.

  2. Enroll Android devices by following the appropriate path (AMAPI or EMM).

    KACE Cloud uses an agent to interact with managed devices. The steps you need to complete before the actual enrollment process depend on the selected agent and the way the agent interacts with KACE Cloud. You can configure KACE Cloud with one or both of the available paths (AMAPI and/or EMM), as needed. To switch a device from one enrollment path to another, you must unenroll the device and then enroll it again using the desired path.

    AMAPI enrollments
    1. Set up a Google Console project.

      The Android Management API integration requires a Google Console project that you must set up using your Google account. See detailed instructions here.

    2. Configure Android Management API.

      Specify the details needed to integrate KACE Cloud with the Google Android Management API. You need to provide some information from your Google Console project, such as your Project ID, Service Account Name, Secret Key, and Enterprise ID. See detailed instructions here.

    3. Optional: Integrate with automated enrollment providers.

      If your organization uses automated enrollment providers, you can integrate with them through KACE Cloud. For example:

    4. Ensure that the device user accounts are properly configured in KACE Cloud.

      To enable new users to enroll their devices, you must ensure that their user account exists in KACE Cloud, and that the account has the Device User role. See detailed instructions here.

    5. Enroll Android devices.

      There are different types of Android enrollments based on different scenarios. You can enroll personal devices and company-owned devices. To better understand the available enrollment scenarios, review this topic. Then, follow the enrollment instructions for the desired device type, as applicable.

    6. Optional: Install the KACE Cloud AMAPI Companion app on managed Android devices.

      Complete this step only if your target devices use digital certificates. Digital certificates allow administrators to identify devices and grant them access to your organization's resources. The KACE Cloud AMAPI Companion app extends the Google agent's functionality, allowing you to manage certificates on AMAPI-enrolled devices. See this topic for more details.

    EMM enrollments
    1. Link your Google Play organization with KACE Cloud.

      Linking your Managed Google Play Organization with KACE Cloud is a prerequisite for enabling Android enrollment and Android app management. See detailed instructions here.

    2. Optional: Configure silent authentication for Android devices.

      Complete this step only if you want to enroll Samsung Knox and Android Zero Touch devices without prompting their users for access credentials. To do that, generate a certificate in KACE Cloud to sign the initial enrollment request. See detailed instructions here.

    3. Optional: Integrate with automated enrollment providers.

      If your organization uses automated enrollment providers, you can integrate with them through KACE Cloud. For example:

    4. Ensure that the device user accounts are properly configured in KACE Cloud.

      To enable new users to enroll their devices, you must ensure that their user account exists in KACE Cloud, and that the account has the Device User role. See detailed instructions here.

    5. Enroll Android devices.

      There are different types of Android enrollments based on different scenarios. You can enroll personal devices and company-owned devices. To better understand the available enrollment scenarios, review this topic. Then, follow the enrollment instructions for the desired device type, as applicable.