Pixel and internal WiFi


#1

Hi

Anyone have had success enrolling a Pixel and getting a wifi cert profile to install? I have no problems with Samsungs, and I can manually install the root cert to a Pixel, but can’t get it to work with our internal PKI to connect to the internal WiFi

Regards


#2

Which version of Android? Is the Samsung and Pixel on the same version? What MDM platform? Are you using Android Enterprise? Are you providing the intermediate certs so that the trust chain is complete?


#3

Hi Daniil

Android 9.

Yes Samsung and Pixel are both 9.

Airwatch (on prem 9.5.0.19.

No enterprise, just legacy.

No intermediate, just the root and client. But I have tried intermediate without success.


#4

It is likely the reason it is working on Samsung is due to SAFE/Knox APIs being used to leverage these functions.

Google have been deprecating the API calls for device admin, in terms of Device Admin API there is actually no API call to install credentials: https://developer.android.com/guide/topics/admin/device-admin.html

You should really look at migrating to Android Enterprise as the Device Admin API will be deprecated even further in next release of Android.


#5

100%

You should hold little expectation of anything outside of Samsung being manageable with DA. The experience will be night and day when you do migrate. Your version of AW is a little behind also.


#6

Thanks Daniil and Jason for your feedback. BTW, Daniil - always appreciate your posts on this forum and Jason - read your Android Enterprise post, very informative.

In regards to moving to Android Enterprise, does this mean that with Work Profile, you can’t manage/deploy WiFi anymore? With email, does this mean your limited to Gmail only (can’t use native mail client like Samsung)?


#7

With work profile it is possible to deploy both WiFi configuration and certificates and should be possible out of AirWatch.

Android does not have a “native” email client, so you can choose an email app and if this email app supports app config you can configure it remotely.

For example if your org is licensed to use Outlook, you can configure and use Outlook.


#8

If you do not have a specific email client then fall back to gmail for you AE email deployment needs.


#9

With Android Enterprise, I’ve setup a new location group and some profiles to test out, but when I try to enrol, I get an error “ failed to register google account. Please enrol again” then option to only wipe or retry. Any suggestions? The Android EMM registration part is successful and test connection works