How to configure Google Workspace’s MDM to use Proton VPN on Android

Reading
7 mins
Category
Proton VPN for Business

Businesses can use mobile device management (MDM) platforms to install and manage Proton VPN on their team members’ Android devices.

This guide explains how to configure he MDM functionality of Google Workspace’s endpoint management to set up Proton VPN on your team’s Android devices. This will allow you to:

  • Automatically install Proton VPN on your organization users’ Android devices
  • Automatically sign your team members in to Proton VPN
  • Require Always-on VPN to ensure all connections are always routed through Proton VPN
  • Manage permissions

To get started, you’ll need:

In this guide, we’ll cover:

Note: We encountered issues configuring Microsoft Intune using the Firefox browser, which were not present in Chrome.

Step one: Add new users

1. Sign in to admin.google.com(new window) using your administrator username and password (plus 2FA, if enabled) and go to DirectoryUsersAdd new user.

Add new user

2. Enter the new user’s details and click Add new user when you’re done.

Enter the user's details

3. The new user account has now been created with a temporary one-use password. Be sure to make a note of this, as you’ll need it to set up their business profile on the Android device (see step three).

Make a note of the password

Step two: Configure Proton VPN MDM for your organization

1. Go to AppsWeb and mobile appsAdd app Search for apps.

Search for the Proton apps

2. Search for Proton and go to Proton VPNSelect.

Select Proton VPN

3. Choose whether you want to install Proton VPN for all users of your organization or select groups and organizational units and click Continue.

Choose which users you wish to install Proton VPN for

4. Select Access methodForce install. If you wish, you can turn on Always on VPN now (see below). Click Finish when you’re ready.

Require force-install of the Proton VPN app

The Proton VPN app will now be automatically installed on your organization members’ managed devices.

Step three: Set up a work profile on an Android device

This step can be performed by your company’s IT department on company devices, or by members on their own devices. Android’s profiles feature ensures that users can keep their work and personal lives separate. Please note that this guide was created using a Samsung OneUI phone, and some details may differ on other devices.

1. On the Android device, open the Settings app and go to Password & AccountsAdd Account (or Accounts and backup Manage accounts + Add account on Samsung devices).

2. Select Google and sign in using the username and password you generated in step one.

3. You’ll be prompted to create a new, strong, permanent password for this account. If this process is being performed by an IT department (or similar), be sure to securely share(new window) the username and new password with your team member. Tap Next when you’re ready.

4. Agree to Google’s terms of service to finish creating the managed Google account. Tap Next to continue.

Set up a work profile on the user's Android device

5. You’ll now create a work profile on the device. This allows you (or the staff member the device is issued to) to keep your personal and work lives separate. Note that data in your work profile will be visible to your IP administrator. Tap Agree to proceed and tap Next once the new work profile has been created.

6. If you haven’t set up a screen lock for this device, you’ll prompted to do so. Once this is done, tap Install work appsInstall.

7. Assuming Proton VPN has already been configured for your organization (see step two above), you’ll see the Proton VPN app listed here. Tap Done.

Set up a work profile on the user's Android device (cont.)

You can now open the Proton VPN app from your work profile. To do this, swipe up from your home screen or tap on the circle-shaped dotted icon at the bottom of your home screen to open your app drawer → Work.

The Work tab in your app drawer

Additional configuration options

MDM for Proton VPN on Android is now set up. Below, we look at a couple of more advanced options.

How to configure automatic sign-in to Proton VPN

Using MDM, you can automatically sign your team members into Proton VPN.

1. Sign in to admin.google.com(new window) and go to AppsWeb and mobile appsProton VPNSettingsManaged configuration Add configuration.

Add configuration

2. Give your new configuration a name and enter the Proton account username and password for your organization. Click Save when you’re done.

Enter the Proton account username and password for your organization

3. Still on the Settings page, go to Managed configuration and select the configuration you just created from the dropdown menu. Click Save when you’re ready.

Select Save

How to manage app permissions

The Proton VPN app doesn’t require any access to Android device features, and therefore doesn’t ask for permission to access them. However, if you want to manage what access it has anyway:

1. Sign in to admin.google.com(new window) and go to AppsWeb and mobile appsProton VPNRuntime permissions.

Edit the app's runtime permissions

2. Use the dropdown menu next to each Android feature to select Allow, Deny, or Prompt user (default).