Accounts

The Accounts settings restrict users from configuring specific types of accounts on devices.

The following table describes the accounts that you can configure on a device:

Policy setting	Description	Supported devices
Configure restricted account types	The accounts that a user cannot configure on their device. For example: `%domain%` to automatically fill from MaaS360 user data for the domain `*gmail.com` to restrict consumer Gmail accounts	Android 5.0+ PO and DO
Configure Allowed Accounts (Allowlist)	The accounts that can be configured in the Work container. All other accounts are automatically restricted. Supported placeholders: `%deviceid%`, `%username%`, `%domain%`, `%email%`, `%upn%`. Supported wildcards: `.*domainname.com`	Android 5.0+ PO and DO
Restrict Personal Accounts in Google Play	If this setting is enabled, MaaS360 blocks the use of personal Google accounts to install apps, but allows users to add personal Google accounts (to read their email in Gmail for example). Note: Applies to both G Suite and non-G Suite accounts. The default setting is off (disabled).	Android 5.0+ (PO, WPCO & DO)
Configure Allowed Google Account By Domain	The domains that are allowed to access Google services such as Mail and Play Store. When a set of domains are allowed, Gmail accounts such as personal accounts are automatically blocked. If your organization uses G Suite and enabled G Suite binding with MaaS360, use this policy to restrict Play Store access to corporate Google accounts. For example, you can allow corporate domains such as mycompany.org so that personal accounts such as gmail.com are automatically blocked. If you do not specify domains, users can add and sign in to Google services from any Google account. Note: If you allow gmail.com, you must enter the complete email address (along with the gmail.com suffix) to sign in. When a domain is allowed, an error message is displayed on the sign-in screen if the email address does not match the allowed domain.	Android 5.0+ PO and DO