
How to manage personal Gmail accounts in Managed Google Play Store

Environment 

  • Knox Manage (KM)
  • Android Enterprise

Overview

This knowledge base article provides information on managing personal Gmail accounts in a Managed Google Play Store, including how to allow or block users from adding their personal accounts using Knox Manage (KM), and how to restrict users from downloading certain apps. 

A Managed Google Play Store serves as a content marketplace for devices on Android Enterprise—here, you can browse and manage apps for your organization. Applications that have not been approved or assigned in KM do not appear in a Managed Google Play Store.

How do I allow users to download public apps not in the Managed Play Store?

To download an app from the public Play Store, users must add and switch to a personal Google account on the device. To do this:

  1. Navigate to Settings > Accounts and Backup > Accounts.
  2. Under Add personal Google account, enter the credentials for your personal Google account.
  3. From your work profile, launch the Managed Play Store and switch to your personal Google account.

You can now download public apps outside of the Managed Play Store.

How can I block users from downloading unapproved applications with a personal Google account in Knox Manage?

Currently, there are two methods of preventing users from downloading apps not in the Managed Play Store. Adding an "Account Blacklist" policy blocks personal Google accounts while allowing other personal accounts (e.g. Outlook) to be added. Alternatively, disabling the "Account Modification" policy blocks all personal accounts, including Google accounts, from being added or removed. 

Account Blacklist

  1. In your KM console, select Profile > Add to create a new device profile.
  2. In the profile settings, ensure Android Enterprise is selected under Platform.
  3. In the Set Policy menu, navigate to Android Enterprise > System.
  4. Under Account Modification, select Allow.
  5. Under Account Blacklist, add "com.google" to prevent users from adding personal Google accounts.
  6. In KM, approve and assign the Samsung Email app to your device's organization or group.
  7. On the device, launch Samsung Email and add a personal Google account.

Launching Managed Play Store on the device shows there are no other linked Google accounts, so the user can only download apps that have been approved for the organization or group.

NOTE—A personal Google account added in Samsung Email appears as a Samsung Email account instead.

Account Modification

  1. In your KM console, select Profile > Add to create a new device profile.
  2. In the profile settings, ensure Android Enterprise is selected under Platform.
  3. In the Set Policy menu, navigate to Android Enterprise > System.
  4. Under Account Modification, select Disallow.
  5. After configuring this policy, users are unable to add any personal accounts, including Google accounts, in the Managed Google Play Store. 

Additional information