Pub/Sub notifications provide a way for you to receive alerts about newly enrolled devices, device reports, and recently issued commands.
To set up Pub/Sub notifications, you need to enable the Pub/Sub API and create a topic. To receive messages published to a topic, create a subscription to that topic. The subscription connects the topic to a subscriber application that receives and processes messages published to the topic. After you create a subscription, you need to grant Android Device Policy permission to publish to your topic.
1. Enable the Pub/Sub API for your project
For instructions on how to enable the Pub/Sub API, see the console quickstart guide. Ensure that you select the same project that the Android Management API is enabled for.
2. Create a topic
After enabling the API, you need to create a topic that Android Device Policy can publish notifications to. There are two ways to create a topic:
a. Manually in the Google Cloud console.
b. Using the Pub/Sub API (see create topic method).
After creating a topic, take note of the topic name.
3. Create a subscription
A subscription captures the stream of messages published to a given topic. There are two ways to create a subscription:
a. Manually in the Google Cloud console.
b. Using the Pub/Sub API (see create subscription method).
4. Grant Android Device Policy the right to publish to your topic
You need to give android-cloud-policy@system.gserviceaccount.com permission to publish to your topic. There are two ways to grant publishing rights:
a. Manually in the Google Cloud console.
- Add android-cloud-policy@system.gserviceaccount.com as a member to your topic.
- Click Select a role > Pub/Sub > Pub/Sub Publisher.
b. Using the Pub/Sub API (see Controlling access through the IAM API)
- Add
serviceAccount:android-cloud-policy@system.gserviceaccount.com
tomembers
. - Set
role
toroles/pubsub.publisher
.
5. Update enterprise to support notifications
To connect notifications about an enterprise to the topic you created, call
enterprises.patch
and specify the following parameters:
pubsubTopic
: The name of your pub/sub topic in the formprojects/{project}/topics/{topic}
.enabledNotificationTypes
: Include all the notification types you want to receive. Choose fromENROLLMENT
,STATUS_REPORT
, andCOMMAND
.
6. Use the Pub/Sub API to get notifications
A subscription can use either the push or pull mechanism for message delivery. Guidelines and directions on how to receive notifications through both of these mechanisms are available in the Pub/Sub Subscriber Guide.
Message format
Messages take the form of a PubsubMessage.
The attributes
field of the message contains an attribute with key
notificationType
and value set to the notification type that triggered the
message (e.g. ENROLLMENT
). The data
field of the message contains the JSON
representation of the resource that was updated, encoded as a UTF-8 string. The
notifications and their corresponding resource types are as follows:
COMMAND
notifications use the resource type Operation.USAGE_LOGS
notifications use the resource type UsageLogEvent.ENROLLMENT
andSTATUS_REPORT
notifications use the resource type Device.
When setting the pubsubTopic
on an Enterprise, an initial message will be
published with notificationType
set to test
. This message is sent to verify
Android Device Policy has the publish permission on the topic and should be
ignored.
Expected latency
Local device events that occur in quick succession are batched and reported in a single Pub/Sub message to EMMs.
Event type | Expected latency between on-device event and corresponding EMM notification1 |
---|---|
High priority keyed app states | Immediate, at most one report per minute |
Standard priority keyed app states | Within one minute |
Application-related events during provisioning, for apps with install states defined by the IT admin2 | Within one minute on top of other related provisioning events |
Application-related events after provisioning, for apps with install states defined by the IT admin. | Within 5 minutes |
Application-related events both during and after provisioning, for apps with install states defined by the employee3 | Within 60 minutes |
Other on-device app events | Within 60 minutes |
-
Best effort targets based on controlled circumstances. Actual latency may vary according to a variety of device and environmental factors. ↩
-
InstallType
of apps enforced in the policy:FORCE_INSTALLED
,BLOCKED
,REQUIRED_FOR_SETUP
,PREINSTALLED
andKIOSK
. ↩ -
InstallType
of available apps:AVAILABLE
,INSTALL_TYPE_UNSPECIFIED
. ↩