CardDav with Google account, MDM Profile

jffortier
Getting noticed

CardDav with Google account, MDM Profile

Hi,

 

I've beeing using a shared Google account for the past 2 years. In that account, I put all the contacts names that we share at the office. On our Exchange server, we have a share folder with contact.

Using CalDav Synchronizer I sync one way that folder with a Google account.

 

I created a mobileconfig file with Apple Configurator (with user/psw) and created settings profile and loaded that mobileconfig file.

I push that to my iOS devices (used to work like a charm!)

 

Yesterday, I needed to restore a device and assign it to a new user. It ask for the CardDav psw and generated a Security Alert on Google, even if I accept this activity as my own, It won't work on the device, contacts are no longer available on the devices.

 

ALL of the others users also lost those contacts... can you image the problem today, none of the employees can see any internal, suppliers, customers contacts...

 

I know I can't use the Google Account settings as it won't push the psw and I can't give away the psw to users, for obvious security reason !!

 

2 step verification is OFF

each time I accept the suspicious activity, but it keep poping each time I reinstall the profile settings. I have to reinstall it each time, because once I click Cancel on the psw dialog on the device, it won't retry. And only once I press cancel that I receive the suspicious notification, So allowing it prior is not an option.

 

1- Why did it work for the past 2 years and stop ?

2- Any idea who to get it back ?

3- Any other cost free solution ?

 

Thanks

5 REPLIES 5
jedimaster
Here to help

Same thing happened to me this year.  For 18 months, I used CardDAV to sync contacts from a google account to my iOS devices.  Then, Google deprecated CardDAV permanently in May 2022.  Essentially, we're stuck with manually updating each devices with the password for the account using Sign In With Google, which uses OAuth.  Thanks again, Google.

ekramer
Getting noticed

A shared google account across users devices?  Sounds like a hack to create a directory of contacts.  Do you all your users already have google accounts they are signed in to? Perhaps you already have the directory of contacts in your domain shared.  Additionally, you can Give another user access to your contacts.

 

If you are already in Exchange, you can also Share a contacts folder with others

jffortier
Getting noticed

Old thread... I change to a free service called gmx.com that offers a CardDav. 

-I create on our Exchange server a public contact list

-on my Outlook installed the free add-on CalDav synchronizer. Set up to sync one way from Exchange to GMX. Since user can edit contact on their phone, with a sync every 30mins, any changes will be overwrite with the sync. 
-Be sure to log online to GMX at least once every 2-3 months otherwise the account will be close and you can't gain access to the same email account after. Sync doesn't flag you as a connection. 
-create a profile with that GMX CardDav account in Meraki, 

 

and Voilà !!

That sounds quite nice.  The one-way sync is attractive since it will prevent a lot of contact directory maintenance on my part.  I would love to hear more about your setup.

Pretty simple.

 

You know how to create a public contact folder in Exchange ?

In the CalDav Sync Outlook add-on (https://caldavsynchronizer.org/) you configure it like this. Outlook must be running on your PC for it to work, but since in my case it's open 95% of the time !!

 

You create a new profile and select 

jffortier_2-1654791149517.png

And you enter you credential and you have an autodiscover option that will populate your URL (? I think, it's been 2 years)

 

jffortier_0-1654790417447.png

 

Then in Meraki, you create a profile with only contacts like this

 

jffortier_1-1654790832702.png

 

 

One thing that I have found... NEVER modify, update that profile once you push it to your device... once the account PSW is set in the device, updating the profile on the devices will require to enter manually the password on each device... and I guess you don't want to provide it to your users !! The only work around.... remove it from all the devices, and re-installing it does the job. It's like the iOS profile refuse to re-assign the PSW on an existing profile?! 

 

That should do it.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels