Google Workspace provisioning

MarijanLesko
Comes here often
We have around 200+ Apple devices that are reset 2-3 times per year for temporary workers.

I have used a profile to automatically set up Google Workspace mailboxes on iPhones and iPads through SME.
We had 2 mailboxes set up per phone:

  1. Personal, owner's mailbox, with personal email
  2. Mailbox (single) containing only external contacts for easier sharing

Every device would be provisioned with those 2 mailboxes through MDM. The contacts mailbox would have the password pushed using MDM, while the personal mailbox would require the owner to provide the password.

We used Exchange ActiveSync for iOS as instructed by the Meraki documentation.
Every Apple device would be provisioned through MDM with the owner's email and Google Workspace settings. The owner would only have to enter his email password.

That worked flawlessly for 8+ years until 2 weeks ago, when suddenly both mailboxes would randomly ask the device user to enter the password.

The passwords would not be accepted and the request would keep randomly popping up.
I tried to manually provision a single Google WKS email account on a managed device (Apple Mail) and it worked using the Google option.
The Meraki MDM Exchange ActiveSync setting for iOS that worked for many years has stopped working for Google Workspace.
Our only option now is to provision the Google account manually on every device, which is time consuming.
In testing, we have discovered that the iOS Exchange ActiveSync profile setting now only works for Microsoft 365 and automatically opens the Microsoft authentication page.

The setup for Google Workspace using ActiveSync as per the Meraki documentation (last version from 2023) does not work anymore.
Is there anybody who has had the same issue?

ekramer
Getting noticed

We switched away from Exchange accounts several years ago. Instead we use the Google profile to establish users' email accounts. Their account is preset on the iPad, but they do have to authenticate with their password to start using it. Google OAuth is the method of verification.

MarijanLesko
Comes here often

Interesting. Do you have any links to more elaborate documentation for the setup?

Patrick_
Comes here often

I suspect this is the issue being reported by multiple end users at my organization.
Can you provide details on the issue for your organization?

I have had over a dozen users indicate the "password incorrect" notification; however, they are able to use the same password to access their account.

The truly sad part is that I have been working with a Meraki support rep since April 6th, when this was first reported by only 3 or 4 users, and they are clueless.

MarijanLesko
Comes here often

Hm, sounds like my issue.

Will have more time tomorrow.

Patrick_
Comes here often

Currently, iOS devices configured to use the Meraki profile that pushes any "Exchange ActiveSync" email configuration are continually prompting users for their passwords.
This appears to be directly related to this Google blog post:

Beginning September 30, 2024: third-party apps that use only a password to access Google Accounts an...

(search this page for the word "incorrect")
At this time, the following workarounds can be used:

  1. Use the Gmail app (a Meraki profile can be configured for this)
  2. Use the Outlook app (a Meraki profile can be configured for this)
  3. Manually configure the native iOS Mail app and sign in using OAuth

I have not had any luck configuring a Meraki profile to push a Google Account to an iOS device that successfully syncs email once the user enters their password. If anyone has a working custom mobileconfig they would be willing to share, I would appreciate it.

BrandonD
Meraki Employee

Hi @MarijanLesko & @Patrick_,

Just to add on to @Patrick_'s comments, we do have a few options for configuration since the recent Google changes in accepted authentication methods:
  1. Configure a 3rd-party (non-native iOS Mail) app via a Managed App Config - more on this below:
  2. Configure and utilize OAuth2 rather than basic authentication - touched on below by Google Support:
  3. Lastly (and potentially the easiest option if the default Mail app is desired) - utilize the 'Google Account' payload. If utilizing 'Owner' e-mail addresses (more on this below), they can be passed through the following process with Apple Configurator:

<key>AccountName</key>
<string>$OWNERUSERNAME</string>
<key>EmailAddress</key>
<string>$OWNEREMAIL</string>
I did confirm internally that our payload (more on this below) for ActiveSync has not changed recently and has been implemented per Apple's Developer Documentation outlined below:
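An added example (not code from this thread, from Meraki or from Google) showing how an admin could scan an exported configuration profile for the password-only Google ActiveSync payloads that now fail and emit the replacement 'Google Account' payload with the owner variables shown above. The sample profile, the use of m.google.com as the Google EAS host and the check on the EAS `OAuth` key are assumptions of the example.

```python
import plistlib
import uuid

# Constructed sample (not from the thread): a legacy profile pushing a Google mailbox via password-only EAS.
LEGACY_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "example.legacy-google-eas",  # placeholder identifier
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadContent": [{
        "PayloadType": "com.apple.eas.account",
        "PayloadVersion": 1,
        "PayloadIdentifier": "example.legacy-google-eas.mail",
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",
        "Host": "m.google.com",          # assumed Google EAS endpoint
        "EmailAddress": "$OWNEREMAIL",   # Meraki owner variables, as in the thread
        "UserName": "$OWNEREMAIL",
    }],
}
GOOGLE_EAS_HOSTS = {"m.google.com"}  # assumption: hosts that mark a Google mailbox

def find_password_only_google_eas(profile):
    """Google EAS payloads without an OAuth flag: the accounts that now keep prompting."""
    return [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.eas.account"
            and p.get("Host", "").lower() in GOOGLE_EAS_HOSTS
            and not p.get("OAuth", False)]

def google_oauth_payload(eas_payload):
    """Replacement 'Google Account' payload; the user signs in via Google OAuth."""
    return {
        "PayloadType": "com.apple.google-oauth",
        "PayloadVersion": 1,
        "PayloadIdentifier": eas_payload["PayloadIdentifier"] + ".google-oauth",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "AccountName": "$OWNERUSERNAME",
        "EmailAddress": eas_payload["EmailAddress"],
    }

def migrate(profile):
    """Copy of the profile with flagged EAS payloads swapped; others left untouched."""
    flagged = find_password_only_google_eas(profile)
    out = dict(profile)
    out["PayloadContent"] = [google_oauth_payload(p) if p in flagged else p
                             for p in profile.get("PayloadContent", [])]
    return out

def to_mobileconfig(profile):
    """Serialise to the XML plist text that a .mobileconfig file contains."""
    return plistlib.dumps(profile)
```

Run `find_password_only_google_eas` over a profile exported from the MDM to list the accounts that will trigger the endless password prompt, then review the `migrate` output before importing it anywhere.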
