Allow only one domain in Work Profile

Karthikeyan
Level 1.5: Cupcake

Hi All,

We have registered Android EMM with Managed Play Account (gmail) in Workspace ONE. We use Google Workspace for Google apps like email, calendar etc. I need to allow only adding our domain (mycompany.com) in Google Apps inside Work Profile. Is this possible? If yes, please guide me.

PS: We are not registering Android EMM with Google Workspace because the email domain is different from our IDP (Okta).

Thanks.


Lizzie
Google Community Manager

Hello @Karthikeyan,

Great to meet you, thank you for your post here. I've asked a colleague about your question here.

In general, you can add email accounts that are not part of your organization domain in Gmail's Work Profile.
However, there are potential ways to achieve this via advanced architecture and additional policies in the WS1 console itself, ADFS, and VMware Access (responsible for identity factors) altogether.

For Workspace ONE, you will need VMware Workspace ONE Access linked with ADFS to create traffic rules in ADFS to pass all mobile traffic to WS1 Access. WS1 Access will then enforce this policy for your devices regarding which email domains are allowed on the devices enrolled in your Workspace ONE console.

I would suggest checking this with your EMM vendor regarding the architecture requirements that will help you achieve this goal.

I hope this helps, and if you can, do let me know how you get on.

Thanks so much,

Lizzie




Teejay8200
Level 1.5: Cupcake

Does that mean I should choose the Google user for Google 

Moombas
Level 4.0: Ice Cream Sandwich

Hi Karthikeyan,

In our MDM we can set up a profile to prevent users from adding new accounts (options are: none, all, all except Google accounts).

As I don't have a work profile in use currently, I'm not sure, but I would think that would only affect the work part.

So, if you already provide the Google account to be used via the work profile, I would choose "none".

Otherwise, look into the managed app config that, for example, Google Mail provides to prevent adding unmanaged accounts, and much more.