Forum Discussion

tngvmd's avatar
tngvmd
Level 1.6: Donut
10 months ago

Android 15 - Cannot set default password app

We use Microsoft Intune to manage devices. For the devices which have upgraded to Android 15, the end users can no longer select Microsoft Authenticator as their default application for auto filling ...
Devices
EMM
Management
Lizzie's avatar
Lizzie
Google Community Manager
5 months ago

Hello everyone,

 

tngvmd, bholmquist11, thomask, Kiendeleo, ofer_shnitzer, tmeyers, geekhelp_grant, RobCordon, ct-nremez, nzbiship, psiniemi, HalvorsonD 

 

Thank you once again for your feedback here. As mentioned above, I wanted to provide you with a bit more context on this change. 

 

A credential manager is a great way to manage passwords, and I can see from the comments here how important this is to many of you here, but from a work perspective we’ve heard concern from customers that end-users could save work-related passwords in non-approved credential managers - which could add additional risk. 

 

Based on this, the ability to control credential managers for work was introduced in Android 14, and a corresponding AMAPI EMM policy was released. 

 

As mentioned by several of you, this now means an EMM or IT admin needs to specifically select an allowlist for credential manager. If an approved credential manager is not set, employees will be blocked from using a credential manager in Work Profile and Fully Managed devices.

 

Our partner team has been working with EMMs to help support them in enabling IT Admins to configure the settings required for this policy.

 

We know that many EMMs have made, and continue to make, updates around this policy, hence I would still recommend it is best to contact your specific EMM to find out the latest information.

 

For those of you who are using GEM (Google Endpoint Manager), I understand your frustration here - the team is actively working on building support for allowlisting Google Password Manager for users’ credentials. I have been following this closely and can see that they are making progress and I hope to update when I have more news on this.

 

Please continue to share information on this here in the community, your feedback is really helpful and I hope this will be running a lot smoother for you all shortly. 

 

Thanks so much,

Lizzie

edhgoose's avatar
edhgoose
Level 1.6: Donut
4 months ago

Hi - Lizzie sharing some of the concerns of others here:

 

A credential manager is a great way to manage passwords, and I can see from the comments here how important this is to many of you here, but from a work perspective we’ve heard concern from customers that end-users could save work-related passwords in non-approved credential managers - which could add additional risk.

 

For us, our company credential manager of choice is 1Password. We require everyone to use 1Password, and not to use the Google Password Manager.

 

For those of you who are using GEM (Google Endpoint Manager), I understand your frustration here - the team is actively working on building support for allowlisting Google Password Manager for users’ credentials. I have been following this closely and can see that they are making progress and I hope to update when I have more news on this.

 

I can see that selecting Google Password Manager is now possible, but we still can't require that all employees use 1Password. This is incentivising our employees to not use a password manager, or it is causing them to have to copy and paste credentials manually from the 1Password app.

 

Do you have an update on when we will be able to enforce third party apps, rather than Google Password Manager?

 

Thank you,

Ed

 

  • bholmquist11's avatar
    bholmquist11
    Level 1.5: Cupcake
    4 months ago

    Add us to the list of 1 password requesters. 

     

    Been a long time android and Pixel loyalist but this kinda stuff frustrates me to no end. Losing key functionality for no good reason.

  • dfarrell's avatar
    dfarrell
    Level 1.5: Cupcake
    2 months ago

    Lizzie​ - we are in the same boat, having selected and deployed 1Password as the required credential manager for our company.  However, our EMM/MDM is Intune.  Are there any new updates on how to apps other than Google Password Manager to be used on the Android platform?  1PW is essentially useless on the mobile devices without autofill...

     

    thanks -

    Denny

    • Emilie_B's avatar
      Emilie_B
      Google Community Manager
      2 months ago

      Hi dfarrell​ and welcome to the community! 

       

      I’ve checked with our team and this is an issue that has been reported with Microsoft inTune and you could definitely flag it again to Microsoft. 

       

      They’ve also said that you can amend your credential provider on the Android Management API. 

      It can be set whether CREDENTIAL_PROVIDER_POLICY_UNSPECIFIED: if Unspecified. The behaviour is governed by credentialProviderPolicyDefault. and if CREDENTIAL_PROVIDER_ALLOWED, then the app is allowed to act as a credential provider.

       

      Could you try the above and let us know if that helped? 

       

      Thanks in advance.