Managed Google Play allows organizations to deploy and manage apps on Android devices and enables end-users to access a curated Google Play Store for your organization. Organizations must register with Google to use managed Google Play and end-users need an account to access managed Google Play on Android.
Organization registration process
To begin the setup process, the IT admin logs into their 3rd party EMM provider and begins the âset up Android Enterpriseâ process (see the documentation for your EMM provider for specific steps). They will be redirected to the Android Enterprise registration process and prompted to specify the organization name, and the email address that the IT Admin will use to log in to manage the organization.
From 2024, all new organizations completing this process will be provided with a managed Google domain. In certain error scenarios, the organization may be prompted to create a managed Google Play Accounts enterprise as a fall-back option.
Managed Google domains
Managed Google domains allow customers to use multiple Google products in their organization. The Google Admin console allows IT admins to manage these products. Google Workspace and Cloud Identity are two examples of products that use managed Google domains. From 2024, all new organizations using Android Enterprise will use managed Google domains to manage Android Enterprise alongside other Google products.
End-users within organizations using managed Google domains can use managed Google accounts to access Google services, including managed Google Play. IT admins can bind multiple EMM instances to their managed Google domain, each will have a unique EMM binding ID (known as Enterprise ID).
Once the managed Google domain is created, IT admins can utilize it to create and delete accounts for end users, and add these identities onto managed Android devices (via their EMM).
Note: Managed Google domains support managed Google accounts (recommended) and managed Google Play accounts. Learn more about the types of Google accounts here.
In order to provide a seamless experience, EMMs may integrate the managed Google Play iframe directly in their console, allowing IT admins to view and curate apps. IT admins can also use their admin account to log into play.google.com/work to perform these actions. However, access to play.google.com/work is restricted to customers who have a single EMM binding.
Note: A number of Google services (e.g. Workspace Business Plus, Workspace Enterprise, Cloud Identity Premium) include advanced end-point management. Customers are advised to disable this feature, across their organization or per organizational unit, when using a third-party EMM to ensure a consistent experience when enrolling Android Enterprise devices and using managed Google Play.
Role-based administration for managed Google domains
Managed Google domains support extensive role based controls. IT admins can add additional admins to their managed Google domain and promote them to an admin role(s). For more information see Invite people to join your team and Change a team memberâs role.
Managed Google Play accounts enterprise
For organizations that donât use managed Google domains, A managed Google Play Accounts enterprise is a set of users, devices, and administrator accounts that are used to manage apps for your users. Your organization can have multiple managed Google Play Accounts enterprises. For more information see Organize managed Google Play accounts enterprise.
The enterprise will have an Enterprise ID, which maps 1-1 to each EMM instance, and reflects that the EMM instance controls the enterprise and associated user accounts. Deleting the enterprise, or Removing the enterpriseâs association with the EMM instance will result in the users losing access to Google Play, so take care to protect the Admin account.
Once the managed Google Play Accounts enterprise is created, IT admins can utilize it to create and delete managed Google Play accounts for end users, and install these identities onto managed Android devices (via their EMM).
Note: Managed Google accounts are not supported in managed Google Play accounts enterprises. Organizations using a Managed Google Play account enterprise can only use managed Google Play accounts. Learn more about the types of Google accounts here.
IT admins can also use their admin account to log into play.google.com/work to view and curate apps that will be visible to their managed users. In order to provide a seamless experience, EMMs may also provide a portal directly in their console, where IT admins can view and curate apps instead of needing to navigate to play.google.com/work.
Role-based administration for managed Google Play accounts enterprises
A managed Google Play Accounts enterprise has 2 levels of administratorâAdmin and Owner. For more information about these roles, see Assign roles in managed Google Play Accounts.