Exact same situation as the OP in the thread here – One Android\IOS device - multiple users, possible?

I am managing IT for a company that has employees in the field. Employees pick up mobile phones assigned to their area at the start of their shift and return them at the end. Currently we have G-Suite accounts assigned to the area (i.e. area@company.com) set up on the phones. But this leads to emails not being seen by some users as they have already been marked read by others. So ideally we’d like users to have their own email addresses, but I can’t find something that’ll allow me to do this.

Is there any way to have users log in to the phone as themselves instead and then have access to only their own mail accounts?

We already have Meraki MDM on all (Android) devices.

@chrisharvey6267 @simontompson2260

I’m not a fan of this option for two reasons; 1.) It requires physical access to enable if not already enabled in your Android devices 2.) While I’ve used this option in a business environment I’ve never used it alongside an MDM solution and can’t actually find any MDM solution that ‘supports’ this mode.

The solution could be to enable Multi User support on Android by using Android Debug Bridge (adb) and issuing:

adb shell setprop fw.show_multiuserui 1

adb shell setprop fw.max_users X (where X is a number between 1-5)

Lots of reading to do on this, especially now with Android Enterprise

https://source.android.com/devices/tech/admin/multi-user

Other options I can think of are VDI implementation if you already have the infrastructure or subscribe to some type of DaaS solution. There’s also Chromebooks which support multiple users and would be a good solution if you have VoIP with softphone features.
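An added example, not part of the thread and not Meraki or Android project code: a check of the multi-user state after the two `setprop` commands above, parsing `adb shell pm list users` and validating `fw.max_users` against the 1-5 range quoted in the post. The sample output is constructed, and treating a still-running secondary user on a returned phone as a finding is an assumed policy, not something the thread states.

```shell
#!/bin/sh
# Constructed sample of `adb shell pm list users` output (not from a real device).
SAMPLE_USERS='Users:
	UserInfo{0:Owner:c13} running
	UserInfo{10:Shift A:410}
	UserInfo{11:Shift B:410} running'

# Read `pm list users` output on stdin; print "id|name|state" per user.
parse_users() {
    awk '{
        s = index($0, "UserInfo{"); e = index($0, "}")
        if (!s || e < s) next
        state = ($0 ~ /running[ \t\r]*$/) ? "running" : "stopped"
        body = substr($0, s + 9, e - s - 9)        # "id:name:flags"
        n = split(body, f, ":")
        if (n < 3) next
        name = f[2]; for (i = 3; i < n; i++) name = name ":" f[i]
        print f[1] "|" name "|" state
    }'
}

# Accept only the 1-5 range quoted in the thread for fw.max_users.
valid_max_users() {
    case $1 in [1-5]) return 0 ;; *) return 1 ;; esac
}

# $1 = pm list users output, $2 = fw.max_users value.
# Returns 2 for a bad fw.max_users, 1 if a secondary user is still running
# (assumed policy: a returned phone should be back on user 0 only).
audit() {
    valid_max_users "$2" || { echo "fw.max_users='$2' is outside 1-5"; return 2; }
    users=$(printf '%s\n' "$1" | parse_users)
    printf '%s\n' "$users"
    live=$(printf '%s\n' "$users" | awk -F'|' '$1 != 0 && $3 == "running" {print $2}')
    [ -z "$live" ] && return 0
    echo "secondary user(s) still running: $live"
    return 1
}

# With a device attached use live values, otherwise the constructed sample.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    audit "$(adb shell pm list users)" "$(adb shell getprop fw.max_users | tr -d '\r')" \
        || echo "audit status: $?"
else
    audit "$SAMPLE_USERS" 3 || echo "audit status: $?"
fi
```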

Thanks Mike. Chromebooks or VDI don’t work for us because the workers need certain apps which are Android-only. There is NFC scanning involved as well.

I’ll look into enabling multi-user mode on Android. But as you mentioned, I am not sure how this will play with Meraki, or how badly it’ll affect the performance of the devices.

We don’t strictly need multi-user at the OS level, since the business apps users have to use have their own logins (and can be logged into by tapping an NFC card). An email app that has central control (like G-Suite) but does not persist the login on the phone forever would be a good enough solution for now.

Session timeouts are the only other option I can think of. Sadly, session timeouts in G-Suite are not very helpful in this case because the session timeout policy doesn’t work against the Chrome browser or the built-in mail apps for either Android or iOS.

Unless of course you’d want to restrict the use of Chrome and the default mail apps in your MDM policies and force them to a mail client (or browser) that honors G-Suite session timeouts. I don’t use G-Suite so I can’t recommend an email client that supports G-Suite session timeouts.

Another option is if you have an IdP (specifically Okta, as I know from experience this works) you can set user groups and/or app groups and apply session logouts based on groups.

A less than ideal method;

Assign an email to each device (e.g. ‘areaDevice1@domain.com’) and then make your current area@domain.com address a mail distro list (group?). That way each device receives its own messages that can be deleted/marked read, etc. without hindering other workers. Of course, I don’t know if G-Suite has the ability to send mail as the group when a device needs to reply to an email, or if you even need to reply to emails, or if the ‘from’ when replying is important to you.

-Mike