Configure Android zero-touch devices directly from the Admin console

What’s changing 

We’re integrating the Android Zero-Touch iFrame with the Admin console for a better, more seamless experience for admins. Zero-Touch devices are devices which have been purchased from Zero-Touch resellers and used in company owned mode. 

Directly from the admin console, admins will be able to: 
  • Set Google Workspace provided configurations for zero-touch devices. 
  • Link Workspace accounts with zero-touch accounts, ensuring devices will always enroll under Google endpoint management. They’ll also have the ability to unlink accounts if needed. Note that one Workspace account can be linked to multiple zero-touch accounts, but a zero-touch account can be linked to only one Workspace account.
In the Admin console, navigate to Devices > Mobile & endpoints > Settings > Enrollment > Android Zero touch 



Who’s impacted

Admins


Why you’d use it 

This update makes it easier for admins to specify a Zero touch configuration for their company owned devices directly from the Admin console. For enterprise mobility management partners (EMMs) this also minimizes the number of Google APIs and portals they need to interact with as well. Zero-touch devices will always enroll an account according to the GEM provided configuration — users cannot bypass this, even if they factory reset the device.

We strongly recommend that you continue to use the Zero-Touch customer portal if you need to:
  • View a list of your zero-touch company owned devices
  • Create more than one custom configuration
  • Set or remove configurations from a device

Getting started


Admins: 

Rollout pace


Availability

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Business Plus; Enterprise; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials and Enterprise Essentials Plus, Frontline Starter and Frontline Standard customers.
  • Available to Cloud Identity Premium customers.

Resources


Configure and bind multiple Android Enterprise Mobility Management providers

What’s changing 

You can now bind multiple Android enterprise mobility management providers (EMM) to your Google Workspace account. Previously, you could only bind a single EMM within your organization. This update gives you more control over how devices in your organization are managed. Specifically, it offers: 


More flexibility: You can choose the right EMM for each user group in your organization. For example, you can use one EMM for engineers and another for retail staff. 


Enhanced control: You can now have multiple instances of the same EMM provider, for example a cloud instance and an on-premise instance, to manage different sets of users. 


Easier migrations: You can now run multiple EMMs in parallel, allowing them to perform phased migrations from an old EMM to the new EMM over time.



Additional details


Private apps
We strongly recommend that admins familiarize themselves with how binding multiple EMMs will impact availability of private apps. You can find more information in our Help Center regarding creating web apps and distributing private apps.


Google Play store
If you’re binding multiple EMMs to a Google Workspace or Google Cloud identity account, you must use your EMM iframe and not play.google.com/work to access the managed Google Play store.

Getting started


Rollout pace

  • This feature is available now for all users.

Availability


  • Available to all Google Workspace customers.


Resources

Improving user safety in OAuth flows through new OAuth Custom URI scheme restrictions

Posted by Vikrant Rana, Product Manager

OAuth 2.0 Custom URI schemes are known to be vulnerable to app impersonation attacks. As part of Google’s continuous commitment to user safety and finding ways to make it safer to use third-party applications that access Google user data, we will be restricting the use of custom URI scheme methods. They’ll be disallowed for new Chrome extensions and will no longer be supported for Android apps by default.

Disallowing Custom URI scheme redirect method for new Chrome Extensions

To protect users from malicious actors who might impersonate Chrome extensions and steal their credentials, we no longer allow new extensions to use OAuth custom URI scheme methods. Instead, implement OAuth using Chrome Identity API, a more secure way to deliver OAuth 2.0 response to your app.

What do developers need to do?

New Chrome extensions will be required to use the Chrome Identity API method for authorization. While existing OAuth client configurations are not affected by this change, we strongly encourage you to migrate them to the Chrome Identity API method. In the future, we may disallow Custom URI scheme methods and require all extensions to use the Chrome Identity API method.

Disabling Custom URI scheme redirect method for Android clients by default

By default, new Android apps will no longer be allowed to use Custom URI schemes to make authorization requests. Instead, consider using Google Identity Services for Android SDK to deliver the OAuth 2.0 response directly to your app.

What do developers need to do?

We strongly recommend switching existing apps to use the Google Identity Services for Android SDK. If you're creating a new app and the recommended alternative doesn’t work for your needs, you can enable the Custom URI scheme method for your app in the “Advanced Settings” section of the client configuration page on the Google API Console.

User-facing error message

Users may see an “invalid request” error message if they try to use an app that is making unauthorized requests using the Custom URI scheme method. They can learn more about this error by clicking on the "Learn more" link in the error message.

Image of user facing error message
User-facing error example

Developer-facing error message

Developers will be able to see additional error information when testing user flows for their applications. They can get more information about the error by clicking on the “see error details” link, including its root cause and links to instructions on how to resolve the error.

Image of developer facing error message
Developer-facing error example

Related content

Stable Channel Update for ChromeOS / ChromeOS Flex

The Stable channel is being updated to OS version: 15572.57.0 Browser version: 117.0.5938.144 for most ChromeOS devices.

If you find new issues, please let us know one of the following ways

  1. File a bug
  2. Visit our ChromeOS communities
    1. General: Chromebook Help Community
    2. Beta Specific: ChromeOS Beta Help Community
  3. Report an issue or send feedback on Chrome

Interested in switching channels? Find out how.

Matt Nelson,
Google ChromeOS

Celebrating Digital Inclusion Week at GFiber

Google Fiber believes everyone deserves fast, reliable internet at an accessible price all year round. But this week is Digital Inclusion week- the perfect opportunity for us to reflect on some of the high-impact digital equity work that we are excited to be a part of! Join us as we celebrate the projects and partnerships that are getting more people connected to the amazing opportunities the internet provides. 

Affordable high-speed internet: Access to high-quality internet is essential for every household, yet affordability is a challenge for many on the wrong side of the digital divide. That’s why we’ve been such strong supporters of the FCC’s Affordable Connectivity Program, and why we are now offering 300 Meg for $30 a month to customers who are participating in this program. With the $30 subsidy through the FCC, this plan is available at no cost to our ACP customers. The need for the Affordable Connectivity Program has never been clearer.  Over 20 million American households are using these funds to stay connected to work, school, family and more. That’s why Google Fiber has been encouraging Congress to renew funding for ACP. Reach out to your representatives to ask them to ensure this essential program continues to connect our country.

Digital literacy: We invest in digital literacy programs that empower people with the skills needed to navigate the online world. This year GFiber supported Des Moines, Iowa’s Shalom Community Impact Center’s digital literacy programming, helping immigrant families get connected to the critical resources needed to navigate their new home. In Nashville, Tennessee, we proudly supported the Nashville Cyber Seniors workshops, classes, and educational resources. And in Atlanta, Georgia, our partner Inspiredu provided over 3,500 hours of digital literacy training to community members.


Thumbnail



Transformative partnerships: Many of our longtime partnerships are pioneers of sustainable and scalable community-based solutions. In 2015, we became a founding sponsor of NTEN’s  Digital Inclusion Fellowship, a nationwide effort to build the capacity of local organizations to close the digital divide in their communities. In 2023, we are proud to sponsor 15 fellows in this year’s cohort of digital equity champions. PCs for People in Kansas City was one of our earliest community partners.  This year, we launched a new partnership with this digital equity powerhouse to get low-cost internet to 4 affordable housing communities.  And in North Carolina, our longtime partner E2D is bridging the device gap, distributing over 1,000 no-cost laptops to families in need when they need them most- before the start of the new school year.    


Local alliances:  We support foundations and coalitions who are tackling their community’s big challenges.  We proudly support the Community of Huntsville Foundation’s Digital Equity Fund, which has invested in 33 digital equity programs across the city. In Austin, Texas, we supported Foundation Communities’ vision of  creating “housing where families succeed” by providing residents with a no-cost laptop. In Arizona, Google Fiber joined the Mesa College Promise Program supporting the education of Mesa’s high school students for the first two years of college. 



Innovative technologies: Innovation has always been at the heart of Google Fiber’s bold vision that everyone should have access to affordable internet. In the last three years, we’ve made tremendous strides, upgrading our products, services and network. This year, we launched GFiber Labs, dedicated to pushing the bounds of innovation and increasing our ability to serve more people in more places.  

From digital navigators to policy makers, we are so proud to be part of a movement to bring better internet to more people. But Digital Inclusion week isn’t just about celebrating. It is also a chance to reflect on where we can continue to challenge ourselves and others to advance digital equity and inclusion in a meaningful way.  (One more plug to encourage your representative to support ACP!) 2023 has been a year we are proud of, but there is so much work to be done and we are just getting started.  

Posted By Jess George, Head of Digital Equity & Community Impact