]

Solution

  • Workspace ONE

Type

  • Document

Level

  • Intermediate

Category

  • Operational Tutorial

Product

  • Workspace ONE UEM

OS/Platform

  • Android

Phase

  • Manage

Android Application Management: VMware Workspace ONE Operational Tutorial

Overview

Introduction

VMware provides this operational tutorial to help you with your VMware Workspace ONE® environment.

Internal apps are company-specific apps developed by your organization that are available for users to access from their device but not searchable in the public app store.

There are two options to deploy internal apps:

  • Add the app to Google Play as a private application. After you publish the app in Google Play, they are added as public applications in the Workspace ONE UEM console. Although these private apps are managed as public apps and are available for assigned users to access, they are not searchable in the public app store.
  • Host the application .apk file as a local file. This option applies to Android 6.0+ devices only.

    For information about approving, uploading, and assigning internal apps for Work managed devices (Android 6.0+), see Add and Deploy Internal Applications as a Local File in VMware Docs.

This tutorial covers the deployment of Android apps through the managed Google Play store and how to manage private apps in Workspace ONE.

Audience

This operational tutorial is intended for IT professionals and Workspace ONE administrators of existing production environments. Both current and new administrators can benefit from using this tutorial.

Deploying Applications to Android Devices through Managed Google Play Store

Introduction

The managed Google Play Store is the recommended way to manage all your application deployment use-cases for Android devices. Managed Google Play loads in an iframe within the Workspace ONE UEM console whenever a public application is added and when an Android Enterprise EMM registration is configured. The iframe is opened through the API integration with Google Play and is not hosted by VMware.

This section walks you through deploying public and private applications through the managed Google Play store.

Before you begin, your Workspace ONE environment must be registered to Android Enterprise Mobility Management (EMM).

Deploy Public Applications through Managed Google Play

In this exercise, search the Google Play Store directly from the Workspace ONE UEM console to add applications to the managed Google Play Store for your users.

In the Workspace ONE UEM console:

  1. Navigate to Apps & Books > Public > Add Application.
  2. Select Android from the Platform drop-down menu.
  3. Select Next or enter the Name of the applications you want to add to the integration. Google Play will open directly from the Workspace ONE UEM console.

    Search for apps to add to Workspace ONE UEM from Google play store for Android Application Management. 
  4. Find required apps by using the Search text box or browsing through the apps section.
  5. Review the permissions the application requires on the device and select Approve.
  6. Future updates to the application may require further permissions on the device. If you choose to approve the updates automatically and allow them to be pushed to devices, consider selecting Keep approved when app requests new permissions.

If an application is updated, ensure it does not need to get reapproved in the Google Play Store.

Edit application for Android Application Management in the Workspace ONE UEM admin console. 

  1. Configure options on the Details tab.
  2. (Optional) Assign a Required Terms of Use for the application on the Terms of Use tab.

Terms of use state specifically how to use the application. When the application pushes to devices, users view the terms of use page that they must accept to use the application. If users do not accept the terms of use, they cannot access the application.

  1. Select the SDK tab and assign the default or custom SDK Profile and an Application Profile to the application. SDK profiles apply advanced application management features to applications.
  2. Select Save & Assign to configure flexible deployment options for the application.

After you have completed these steps, verify that the application has been imported after approval. The console will direct you to the next step to designate assignment groups.

Deploy a New Private Application through Managed Google Play Store

You can publish applications developed by your organization or those applications can be hosted and distributed through the Managed Play Store. When you add a public app to an organization group with Android Enterprise enabled, the iframe is loaded and the private apps are available in the left menu. You can configure additional information such as a description, images, and more after uploading. Private apps uploaded through the iframe can never be made public.

For this exercise, you need an APK file to upload that is not already published in the Android public play store.

Note

  • Uploading through the iframe publishes the application in as little as 10 minutes and waives the one-time fee that is charged to create a Google Developer account.
  • Private applications can never be uploaded more than once as Google Play ensures that each application has a unique package name.
  • Deleted Private applications cannot be reuploaded with the same package name. The package name is a unique name to identify a specific app. You must use a new name if you want to reupload a deleted Private application.

 

In the Workspace ONE UEM admin console:

  1. Navigate to Apps & Books > Public > Add Application.
  2. Select Android from the Platform drop-down menu. Leave the Name blank and select Next.
    The Google Play console opens directly from the Workspace ONE UEM console.
    Select private apps in Google Play console for Android Application Management.
     
  3. Select Private Apps from the left menu.

    Upload an APK file to Google Play store for Android Application Management. 
  4. Click the “+” icon to add a new application and select Upload APK.

    Create an internal app for Android Application Management in the Workspace ONE UEM admin console.

     
  5. Click Create. The Create button is enabled if the app can be uploaded.
  6. You will see the app in the Private apps section, and a notification that publishing in your store may take up to 10 minutes.

    Workspace ONE UEM admin console apps list view. 
  7. Close this screen. The app you just uploaded will show in the app list under Public Apps.
  8. Edit the logo that is displayed in the Workspace ONE UEM console by using the pencil icon beside the application.
  9. Click Assign and then click Add Assignment.

    Add app assignment in the Workspace ONE UEM admin console for Android Application Management. 
  10. Select the organization group or the smart group and click Add to assign the device.
  11. Click Save and Publish to confirm the update pop-up window. Then, click Publish at the Preview Assigned Devices page.

    Public application list view in the Workspace ONE UEM admin console. 
  12. After the app assignment has completed, you are returned to the app list screen.

If the deployment is set to Automatic, the app is installed automatically on the device and will show in both the Workspace ONE Hub/Catalog and the Google Play store.

 

Deploy Private Applications to the Alpha or Beta Testing Track

In some cases, you might want to test your application before releasing the best version to users at a later stage. You can test and deploy the alpha or beta version of the application before releasing the production version.

In this exercise, you publish applications to the alpha or beta testing tracks in the Google Play console and then assign the applications to Workspace ONE UEM smart groups.

Prerequisites

Before you can perform the steps in this exercise, you must satisfy the following requirements:

  • Ensure you have an APK file for the new version you want to publish.
  • If there are multiple devices registered to one user but assigned to different tracks, perform the following steps in the Workspace ONE UEM admin console:
    • Navigate to Groups and Settings > Devices & users > Android > Android EMM Registration > Enrollment Settings.
    • Select Device-Based for the Work Managed Enrollment Type.

The Device-Based setting ensures that a unique GoogleID record is generated per device, and so different app versions from the Managed Play console can be assigned. This setting is only required if you must assign different tracks (alpha/beta/production) for different devices registered to one Workspace ONE UEM username.

Add Alpha / Beta application

  1. Navigate to Apps & Books > Public > Add Application.
  2. Select Android from the Platform drop-down menu. Leave the Name blank and select Next.
    The Google Play console opens directly from the Workspace ONE UEM console.
  3. Select Private Apps from the left menu.
    A screenshot of a social media post

Description automatically generated 
  4. Select the Private application that you want to add to the alpha or beta track.
  5. Click Make advanced edits under Advanced editing options.


A screenshot of a cell phone

Description automatically generated 

You are directed to the Google Play console login page. In the Google Play console, complete the following steps to add and rollout the alpha or the beta version of the application.

  1. Log in to the Google Play console using the Google account tied to your Workspace ONE tenant. Go to your app and navigate to Release management > App release. Select the alpha or beta track based on requirement. For example, if you select the Alpha track, add the APK file to the Alpha track and click Manage in the Alpha track.
  2. Under Organizations, click Edit.
    A screenshot of a cell phone

Description automatically generated 
  3. Select the organization corresponding to the Workspace ONE organization group and click Done.
  4. Click Edit Release.
  5. Add the APK file.
    After you add the file, you can see details about the version code and file size.
  6. Click Save at the bottom of the screen, then Review.
    Review the warning messages (if any) and make necessary changes to the app.
  7. Click Start Rollout and Confirm the rollout.

Add Assignment

In Workspace ONE UEM console:

  1. Select the application from Apps & Books > Native.
  2. Click Assign and then click Add Assignment.
    A screenshot of a cell phone

Description automatically generated 
  3. Select the Assignment Group for the new alpha or beta version of your application.
  4. Select Managed Access and select Alpha or Beta from the Pre-release Version drop-down menu.
  5. In the verification screen, move the priority of your group where the Pre-release Version is assigned.
  6. Click Save and Publish.
    A screenshot of a social media post

Description automatically generated 
  7. Click Publish to confirm the assignment. The version corresponding to the priority (set in step 5) is made available to appropriate groups. The next section discusses assignment priorities in more detail.

Note: If the alpha or the beta track is superseded or promoted, devices in the alpha or the beta track get the production version of the application.

After testing the alpha and beta version of your application, you can release the application to production in the Google Play console.


Release Alpha/Beta Track App to Production

This section demonstrates how to release different app versions for alpha/beta testing in the Google Play console, then manage assignment of those versions to specific devices/users in Workspace ONE.

Before you begin, ensure that you have completed Deploy a New Private Application through Managed Google Play Store.

  1. In the Google Play console, make sure your app is selected, and navigate to Release Management > App releases. Under Alpha (or Beta), select Manage.

    A screenshot of a cell phone

Description automatically generated 
  2. Select Release to Production in the Release section.
  3. You should see the New release to production page. Scroll to the end of the page. Click Save and then click Review.
  4. Click Start Rollout to Production. This will release the alpha/beta APK to the Production track.

    A screenshot of a cell phone

Description automatically generated 
  5. The Alpha/Beta track is now empty and you can see it was promoted to Production.

 

In Workspace ONE UEM, all devices assigned to the Production version can see that the update is available in the managed Play store.

If the alpha/beta track is superseded, devices in the alpha/beta track will get the production version of the app.

Workspace ONE UEM currently allowlists the track that the device is first assigned to (following the priority in Assignments of the app in Workspace ONE UEM). Refer to this blog post for a detailed explanation of expected behavior: Managing Android App Versions in Workspace ONE UEM and Google Play Console.

Note: It may take time for any new version of the app uploaded in the Play console (or via Workspace ONE in iFrame) to get automatically installed on the work profile. For more details, see Manage App updates in the Google Play Help docs. To manually install the available update, the end-user can go to the Managed Play store and navigate to My work apps > Updates.

Assignment Priorities

If you select to upload alpha, beta and production versions in the Google Play console, you can set the priorities in the Workspace ONE UEM console with the tracks in the Google Play console. For example, if you assign the application with the priority Alpha (0) > Beta (1) > Prod (2) in the Workspace ONE UEM console, you might observe the following workflow pattern:

For each of the devices the application is assigned to, Workspace ONE UEM gets the first track it is assigned to and passes the information to the Google Play console. For example, if the assignment priority is Alpha (0) > Beta (1) > Prod (2), and a device is assigned to both alpha and beta tracks in the Workspace ONE UEM console, the Workspace ONE UEM console communicates to the Google play console that the device is allowlisted only on the alpha track.

Note: A device receives the highest version of the track it is approved for.

Deploy Private Applications to Multiple Workspace ONE UEM servers

In this exercise, you deploy private applications to multiple Workspace ONE UEM servers. To publish private applications from the Google Play Console, a Google Play developer account is required. You can then use Workspace ONE UEM console to distribute these applications to users.

Prerequisites

Before you can perform the steps in this exercise, you must install and configure the following components:

  • At least two Workspace ONE UEM servers.
  • Retrieve the Workspace ONE Organization ID:
    1. Sign into the Managed Google Play store using the Google account that is associated with the Workspace ONE UEM server #1 (Android EMM Registration instance) for which you want to make the private app available.
    2. Click Admin Settings.
    3. Copy the Organization ID string from the Organization information box.

Select Private Apps to Deploy

In the Workspace ONE UEM admin console (server #2):

  1. Navigate to Apps & Books > Public > Add Application.
  2. Select Android from the Platform drop-down menu. Leave the Name blank and select Next.
    The Google Play console opens directly from the Workspace ONE UEM console.
  3. Select Private Apps from the left menu.
  4. Select the private application to add to multiple Workspace ONE UEM servers.
  5. Click Make advanced edits under Advanced editing options.
    1. Sign into the Google Play Console.
    2. Go to Pricing & Distribution > User programs > Managed Google Play.
    3. Click Choose Organizations.
    4. For each organization that you want to publish the application to, enter the Organization ID.
    5. Paste the Organization ID, add a description (or name) and click Add.
    6. Click Done.

When you are ready to publish your application, you can either create and rollout a production release or an alpha/beta track. After your application is published, you can create releases or set up a staged rollout.

Deploy Web Applications through Managed Google Play Store

Web applications are shortcuts on Android devices that users can open to navigate to pre-defined URLs. Web applications can be managed on the Android devices similarly to public applications. To do so, administrators must set the title, URL, display mode, and the icon. The managed Google Play store loads in an iframe that creates a Web App object that is treated by the Workspace ONE UEM, Google Play, and the Android OS as if it were a public application.

In the Workspace ONE UEM admin console:

  1. Navigate to Apps & Books > Public > Add Application.
  2. Select Android from the Platform drop-down menu.
  3. Select Search App Store to search for the application in the App Store. Leave the Name blank and select Next. Google Play opens directly from the Workspace ONE UEM console.
  4. Select Web Apps from the left menu.
  5. Create a Web App.
    1. Enter the Title and the URL.
    2. Select the Display Mode.
    3. Upload the Icon.
    4. Select Create.
    5. Click Save and then click the Back arrow on the upper-left of the screen.
  6. Select the Web App.
  7. Choose the Select option at the bottom of the screen.
  8. Select Save & Assign to configure flexible deployment options for the Web App.

Summary and Additional Resources

This operational tutorial covered how to deploy public and private applications using Workspace ONE UEM and the managed Google Play store. It also covered how to deploy different app versions to alpha/beta testing tracks in the Google Play console and how to manage these versions in Workspace ONE UEM.

Additional Resources

For more information about Workspace ONE and Android Enterprise management, explore the following activity paths. These activity paths provide step-by-step guidance to help you level-up in your Workspace ONE and Android Enterprise knowledge. You will find everything from beginner to advanced curated assets in the form of articles, videos, and labs.

Additionally, you can check out the VMware Workspace ONE and VMware Horizon Reference Architecture which provides a framework and guidance for architecting an integrated digital workspace using VMware Workspace ONE and VMware Horizon.

About the Author and Contributors

This operational tutorial was written by:

  • Karim Chelouati, Senior Technical Marketing Manager, End-User Computing, VMware.

Contributors include:

  • Criselda Abarquez, Senior Systems Engineer, End-User Computing, VMware
  • Kevin Murray, Senior Mobile Product Manager, End-User Computing, VMware

To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.

 

 

 

Filter Tags

  • Workspace ONE
  • Intermediate
  • Operational Tutorial
  • Document
  • Workspace ONE UEM
  • Android
  • Manage