In the second stage of the setup procedure for Android for Work, you
create and configure a Google service account.
Prerequisite: You have a domain administrator account for your Android for Work
A Google service account is a special type of Google account for an application. This
account is used by Sophos Mobile Control to communicate with the Google Android for Work
Create a project:
Click the following link https://console.developers.google.com/apis/library to open the Google API console. Log in with the credentials of your domain
In the header bar of the Google API console, click
If you already have a project, the header bar shows the project name instead of the
In the New project dialog, enter a project name, for example
Android for Work, and then click
Enable the required APIs:
On the menu sidebar, click Library, and then enter the string
admin sdk in the search field.
In the search result list, click Admin SDK.
At the top of the Admin SDK page, click
Click Library again and repeat the previous three steps for the
Google Play EMM API.
This time, use emm as a search string.
Create a service account:
On the Google Play EMM API page, click Go to
In step one of the Add credentials to your project page, click the
service account link.
On the Service Accounts page, click Create Service
In the Create service account dialog box, enter the following
In Name, enter a name to identify the service account, for
example Android for Work.
Select Furnish a new private key and then select
Select Enable G Suite Domain-wide Delegation.
In Product name for the consent screen, enter for example
Android for Work.
When you click Create
, the private key for your service account
is generated and saved to your computer in a JSON file.
Note: Store the JSON file in a
secure location. You need it to bind Sophos Mobile Control to your Android for Work
Configure API access:
Click the following link https://admin.google.com to open the Google Admin console and log in with the credentials of
your domain administrator account.
Click Security and then click Advanced
Tip: You may need to click Show more to display
Click Manage API client access.
Open the JSON file in a text editor and copy the client_id value into
the Client Name field.
For example, if your JSON file contains a
in the Client Name
In the One or more API Scopes field, enter the following two
URLs, separated by a comma:
You can now bind Sophos Mobile Control to your Android for Work domain. See Bind Sophos Mobile Control to your domain