Chicken and Egg...
There are some of you out there who have tried this know what I'm talking about.
I hope this post helps some people out there.
Any apk or Android app file that doesn't come from the market directly apparently is typically considered a non-market app, even when the app being backed up originated from the market, (i.e. the Google Apps Device Policy app).
Here's a link to the Google Apps Device Policy apk file that you can download right now from my site. The version here is 2.00 from market.android.com
The app I used to create the apk backup file is called Astro File Manager.
Here's a link to the apk for the Astro File Manager if you need it
Menu > Tools > Application Manager/Backup
Select Device Policy, tap Backup
- yeah, it's not listed as Google Apps Device Policy. Only listed as Device Policy in the list of apps to backup.
The backup file is now saved to the SD card as an apk file and can be copied to a website or even emailed to users. When its emailed, the user should be able to sign-in to their web based email, even through a 2-factor solution like SecureAuth, on a Google Apps email account.
Then the user can install and configure the device policy apk file after they've allowed non-market apps. DON'T FORGET THIS PART!!
BTW, u can't do this on AT&T Android devices. They took the ability away... erg!
Settings > Applications > enable Unknown Sources (allow installation of non-market applications)
Once installed, they should disable Unknown Sources. I would recommend that this be done by either the mobile device team or have the phone provider pre-install the app prior to shipping to the users.
Now your user can configure their primary account on their Android device. This gives them the full functionality of GTalk with that same account.
Otherwise, if the user uses their personal Gmail account as their primary, they will only be able to use GTalk with their Gmail account and not their Google Apps account. GTalk on an Android only functions with one account... the first, or rather their primary account on the device.
The above applies to Android 2.2 devices connected to a Google Apps for Business, Education and Gov't Edition domains configured with 2-factor sign-in using SecureAuth SAML assertion.
Also, for security reasons in this scenario, the users do not have their Active Directory passwords synchronized between AD and their accounts on Google Apps.
So, when a user configures their account with Accounts & Sync, on the screen with the Create and Sign-In buttons, select Menu > Browser Sign-In. This will allow the user to setup their account through the 2-factor Sign-In process.