Setting up the Integration in the Google Admin Console

To add the Harmony Mobile service as an API client:

  1. Log in to your Google Admin console.

  2. Go to Security > Access and data control > API controls and select Manage Domain Wide Delegation.

  3. To add a new API client, select Add new.

  4. In the Add a new client ID window, enter these details:

    1. Client ID – Enter the Unique ID value you created in the Google Cloud project > IAM and admin > Service accounts.

    2. OAuth scopes – Add these two URLs and click Authorize.

      1. https://www.googleapis.com/auth/cloud-identity.devices

      2. https://www.googleapis.com/auth/cloud-identity.groups

To add Harmony Mobile as a third-party integration:

  1. Log in to your Google Admin console.

  2. Go to Devices > Mobile & endpoints > Settings > Third-party integrations.

  3. In Third-party integrations, select Check Point and click the edit icon for Security and UEM partners.

  4. Select Manage and then click Open connection.

    A new browser tab opens with the Check Point Harmony Mobile Customer ID. Copy and save it for later use.

     

This completes the integration setup in the Google Admin console. You can now add users and enroll devices into Google UEM (Unified Endpoint Management). For more information, see Enrolling Devices with Google UEM and Activating Harmony Mobile.

Defining Access Levels for the Mitigation Process

To mitigate device risk detected by Harmony Mobile, you can set access levels for different applications to control their access to the organization's resources.

To set an access level:

  1. Log in to the Google Cloud Platform console (console.cloud.google.com).

  2. Go to Security > Access Context Manager.

  3. Select New Access Level and enter these details:

    1. Access level title - Enter a title for the access level.

    2. Under Create conditions in, select Advanced Mode.

    3. In the Conditions section, add a CEL expression.

      Create these access levels:

    • Access level title: Very Good Health

      Conditions (CEL Expression): device.vendors["Checkpoint"].device_health_score == DeviceHealthScore.VERY_GOOD

    • Access level title: Managed Device

      Conditions (CEL Expression): device.vendors["Checkpoint"].is_managed_device == true

  4. Log in to your Google Admin console, and select Security > Context Aware Access > Access Levels.

    Verify that the access levels defined in step 3 appear there.

  5. In the Context Aware Access section, select Assign Access Levels.

  6. Select the applications that you want to apply the access level rules to, and click Assign.

  7. Select the required access level(s) and click Save.
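
The two access levels from step 3 can also be created from the command line, which keeps the CEL expressions in files that can be reviewed before they are applied. This is an added example, not part of the vendor documentation; the level IDs, file names and the POLICY_ID and SPEC_DIR variables are assumptions, and the script only prints the gcloud commands unless POLICY_ID is set.

```shell
#!/bin/sh
# Added example: create the two access levels above with gcloud instead of the console.
# Assumed (not from the page): level IDs, spec file names, the POLICY_ID and
# SPEC_DIR variables. The CEL expressions are copied from the page.
CEL_HEALTH='device.vendors["Checkpoint"].device_health_score == DeviceHealthScore.VERY_GOOD'
CEL_MANAGED='device.vendors["Checkpoint"].is_managed_device == true'

# Write a custom-level spec: a YAML file with a single "expression" key.
# $1 = output file, $2 = CEL expression
write_level_spec() {
    case "$2" in
        "")    echo "empty CEL expression" >&2; return 1 ;;
        *"'"*) echo "single quote would break the YAML quoting" >&2; return 1 ;;
    esac
    printf "expression: '%s'\n" "$2" > "$1"
}

# Create one access level. Without POLICY_ID or gcloud, only print the command
# so the spec files can be reviewed before anything changes.
# $1 = level ID, $2 = title, $3 = spec file
create_level() {
    if [ -n "${POLICY_ID:-}" ] && command -v gcloud >/dev/null 2>&1; then
        gcloud access-context-manager levels create "$1" \
            --title="$2" --custom-level-spec="$3" --policy="$POLICY_ID"
    else
        echo "dry run: gcloud access-context-manager levels create $1" \
             "--title='$2' --custom-level-spec=$3 --policy=<POLICY_ID>"
    fi
}

main() {
    dir=${SPEC_DIR:-$(mktemp -d)}
    write_level_spec "$dir/very_good_health.yaml" "$CEL_HEALTH" || return 1
    write_level_spec "$dir/managed_device.yaml" "$CEL_MANAGED" || return 1
    create_level checkpoint_very_good_health "Very Good Health" "$dir/very_good_health.yaml"
    create_level checkpoint_managed_device "Managed Device" "$dir/managed_device.yaml"
}

main "$@"
```

Levels created this way appear in the Admin console in step 4 in the same way as levels created in the Cloud console.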

Continue with Setting up the Integration in Harmony Mobile Dashboard.

Adding the Harmony Mobile Protect App to your App Catalog for Android Devices

  1. Log in to your Google Admin console.

  2. Go to Apps > Web and mobile apps > Add app and click Search for apps.

  3. In the Search apps window, enter Harmony Mobile.

  4. In Harmony Mobile Protect Android, click View app details.

  5. In the User access section, enter the user access information and click Continue.

  6. In the Settings section, click Add Configuration.

  7. In the Managed configuration page, enter the configuration values according to this table.

    | Configuration Key | Value Type | Configuration Value |
    |---|---|---|
    | GW Address | String | Security Gateway servers (listed by region below) |
    | IMEI | String | $device.imei |
    | Token | String | ** Dashboard ID Hash ** |
    | Infinity Portal Account ID | String | Account ID of application in the Infinity Portal, to integrate it with the UEM. |

    Security Gateway servers:

    | Region | Server |
    |---|---|
    | US | gw.locsec.net |
    | Ireland (EU region) | eu-gw.locsec.net |
    | Australia (Asia region) | au-gw.locsec.net |
    | Canada (Canada) | ca-gw.locsec.net |
    | UK region (UK) | uk-gw.locsec.net |
    | India | in-gw.locsec.net |

  8. Click Save.