Enrolling Personal/Employee owned device for users enforced to sign in via GSuite
  • 12 Sep 2024
  • 3 読む分
  • PDF

Enrolling Personal/Employee owned device for users enforced to sign in via GSuite

  • PDF

The content is currently unavailable in Ja - 日本語. You are viewing the default English version.
記事の要約

This guide helps you to enroll your personal device to Scalefusion for SAML SSO users enforced to sign in with GSuite.

Before You Begin

  1. Make sure you have access to the corporate email.
  2. Make sure that your IT Admin has invited you to enroll in Scalefusion.
  3. GSuite users should have accounts registered with the respective Identity Service Provider
  4. The setting Enforce Users to sign in using SAML SSO is enabled in User Enrollment Settings on the Scalefusion Dashboard

Steps to Enroll Your Personal Device

The users who have configured and signed in with GSuite, and have enabled the setting Enforce users to sign in using GSuite in User Management, will be asked to authenticate by signing in with their GSuite credentials. In this case, the following will be the process of enrollment:

If this setting is disabled, the device is enrolled with the normal procedure as described here
  1. From the Google Play Store, install Scalefusion on your device and open it
  2. Scan the QR Code or select to Sign In via Email > BYOD
  3. Scalefusion app will try to access the device camera and the device information. Please grant the necessary permissions so that you can see the camera view. Open the email in which you have received the invite, and on your device, scan the QR Code that is there in the email.
    If you cannot scan the QR Code, then click on Sign In, enter your email ID on which you received the invite and enter the org-id that you see in the email.
  4. Once the QR Code is scanned and validated or the Sign values are validated, the Data Disclaimer screen will come. Click Agree on it.
  5. You will be taken to a Terms of Use page. These are the Terms of Use of your organization, read carefully and tap on I agree and choose Next
  6. After confirming terms of service, you will be asked to create a Work Profile.
  7. Post Creation of Work Profile When the app is started in Container mode following screen will appear, asking you to authenticate.
  8. Tap on Sign In using GSuite to launch the default browser and authenticate yourself using the credentials for username/email.
  9. Accept the terms & conditions and tap Accept & Continue
  10. Next, user would be taken to the login page of GSuite where they have to complete login and further handling till authorization succeeds.
  11. Once authenticated, you will get the Permissions screen, where you allow the permissions, and the device gets enrolled.


Note:
While signing in if the user is not able to enable the sign-in to gsuite toggle as it keeps going back and the continue button is greyed out, in that case please check the following settings in the Google Workspace Admin console.
  1. Please make sure that on the Google Workspace Admin console the check box to make MDM mandatory is unchecked.
    1. Devices > Mobile & Endpoints > Settings > Third Party Integrations > “Enable Third Party Android Mobile Management” should be unchecked.
  2. Please make sure that the check box to enforce password is unchecked.
    1. Devices > Mobile & Endpoints > Settings > Universal settings > General > Password       Requirements > “Require users to set a password” checkbox should be unchecked.

Device Enrollment in case of Authentication Failure

If authentication fails or, for some reason, you decide to enroll later or press back without confirming, you get the following authentication failure message

Note
In the authentication message, the alternative, that is, the OTP enrollment option, is available only if Admin has enabled Fallback to OTP in User Management > Settings


Tapping on OK will bring up the screen where you get to choose any authentication method from the following, that is,

  • Sign in using GSuite
  • Verify with OTP

From this point, you can try to authenticate again or use OTP (if Fallback to OTP is enabled) or even remove your work profile and start enrollment afresh.

If the User removes the Work Profile, Scalefusion needs to be uninstalled and installed again

After successful authentication, you will get the Permissions screen, where you allow the permissions and the device gets enrolled.


この記事は役に立ちましたか?