For reference, see these Google articles:
A wizard guides you through setting up Android for Work in Okta. There are different setup flows depending on whether or not your enterprise already has a G-Suite app instance:
Enterprises with a G Suite app instance – If you have configured a G Suite app instance for your Okta admin dashboard and have already provisioned Google accounts to your end users, the setup wizard creates a a Google Accounts enterprise.
Enterprises without a G Suite app instance – If you have not configured a G Suite app instance for your Okta admin dashboard, the setup wizard automatically creates a Managed Google Play Account enterprise and links it to Okta. Okta uses this account to manage your Google Play Store accounts for you.
In Okta, go to Devices > Mobile Policies.
If your enterprise does not have a G Suite app instance:
Before you begin – If you have not done so already, create a dedicated Gmail account for administering the managed Google Play Accounts enterprise that the setup wizard will create in the following steps. Do not use any other Gmail account that may have already been set up for your enterprise.
If your enterprise has a G Suite app instance:
If you are setting up Android for Work with Okta, you only need to generate a Google token if your enterprise has G Suite app instance.
If you are not a G Suite customer:
Sign up for Android for Work with Google by going to https://www.google.com/a/signup/u/0/?enterprise_product=ANDROID_WORK
If you are G Suite customer:
Go to your G Suite Admin console (http://admin.google.com)
In the right pane under Common tasks, click Get more apps and services:
Under Android for Work, click Add It Now.
Note: If Android for Work has already been added, it will not show up here. You can proceed to generate a token, as described below: