REST Resource: enterprises

Resource: Enterprise

The configuration applied to an enterprise.

JSON representation
{
  "name": string,
  "enabledNotificationTypes": [
    enum (NotificationType)
  ],
  "pubsubTopic": string,
  "primaryColor": integer,
  "logo": {
    object (ExternalData)
  },
  "enterpriseDisplayName": string,
  "termsAndConditions": [
    {
      object (TermsAndConditions)
    }
  ],
  "appAutoApprovalEnabled": boolean,
  "signinDetails": [
    {
      object (SigninDetail)
    }
  ],
  "contactInfo": {
    object (ContactInfo)
  },
  "googleAuthenticationSettings": {
    object (GoogleAuthenticationSettings)
  }
}
Fields
name

string

The name of the enterprise which is generated by the server during creation, in the form enterprises/{enterpriseId}.

enabledNotificationTypes[]

enum (NotificationType)

The types of Google Pub/Sub notifications enabled for the enterprise.

pubsubTopic

string

The topic which Pub/Sub notifications are published to, in the form projects/{project}/topics/{topic}. This field is only required if Pub/Sub notifications are enabled.

primaryColor

integer

A color in RGB format that indicates the predominant color to display in the device management app UI. The color components are stored as follows: (red << 16) | (green << 8) | blue, where the value of each component is between 0 and 255, inclusive.

enterpriseDisplayName

string

The name of the enterprise displayed to users. This field has a maximum length of 100 characters.

termsAndConditions[]

object (TermsAndConditions)

Terms and conditions that must be accepted when provisioning a device for this enterprise. A page of terms is generated for each value in this list.

appAutoApprovalEnabled
(deprecated)

boolean

Deprecated and unused.

signinDetails[]

object (SigninDetail)

Sign-in details of the enterprise.

contactInfo

object (ContactInfo)

The enterprise contact info of an EMM-managed enterprise.

googleAuthenticationSettings

object (GoogleAuthenticationSettings)

Settings for Google-provided user authentication.

NotificationType

Types of notifications the device management server may send via Google Pub/Sub.

Enums
NOTIFICATION_TYPE_UNSPECIFIED This value is ignored.
ENROLLMENT A notification sent when a device enrolls.
COMPLIANCE_REPORT

Deprecated.

STATUS_REPORT A notification sent when a device issues a status report.
COMMAND A notification sent when a device command has completed.
USAGE_LOGS A notification sent when device sends BatchUsageLogEvents.

ExternalData

Data hosted at an external location. The data is to be downloaded by Android Device Policy and verified against the hash.

JSON representation
{
  "url": string,
  "sha256Hash": string
}
Fields
url

string

The absolute URL to the data, which must use either the http or https scheme. Android Device Policy doesn't provide any credentials in the GET request, so the URL must be publicly accessible. Including a long, random component in the URL may be used to prevent attackers from discovering the URL.

sha256Hash

string

The base-64 encoded SHA-256 hash of the content hosted at url. If the content doesn't match this hash, Android Device Policy won't use the data.

TermsAndConditions

A terms and conditions page to be accepted during provisioning.

JSON representation
{
  "header": {
    object (UserFacingMessage)
  },
  "content": {
    object (UserFacingMessage)
  }
}
Fields
header

object (UserFacingMessage)

A short header which appears above the HTML content.

content

object (UserFacingMessage)

A well-formatted HTML string. It will be parsed on the client with android.text.Html#fromHtml.

SigninDetail

A resource containing sign in details for an enterprise. Use enterprises to manage SigninDetails for a given enterprise.

For an enterprise, we can have any number of SigninDetails that is uniquely identified by combination of the following three fields (signinUrl, allowPersonalUsage, tokenTag). One cannot create two SigninDetails with the same (signinUrl, allowPersonalUsage, tokenTag). (tokenTag is an optional field).

Patch: The operation updates the current list of SigninDetails with the new list of SigninDetails.

  • If the stored SigninDetail configuration is passed, it returns the same signinEnrollmentToken and qrCode.
  • If we pass multiple identical SigninDetail configurations that are not stored, it will store the first one amongst those SigninDetail configurations.
  • if the configuration already exists we cannot request it more than once in a particular patch API call, otherwise it will give a duplicate key error and the whole operation will fail.
  • If we remove certain SigninDetail configuration from the request then it will get removed from the storage. We can then request another signinEnrollmentToken and qrCode for the same SigninDetail configuration.
JSON representation
{
  "signinUrl": string,
  "signinEnrollmentToken": string,
  "qrCode": string,
  "allowPersonalUsage": enum (AllowPersonalUsage),
  "defaultStatus": enum (SigninDetailDefaultStatus),
  "tokenTag": string
}
Fields
signinUrl

string

Sign-in URL for authentication when device is provisioned with a sign-in enrollment token. The sign-in endpoint should finish authentication flow with a URL in the form of https://enterprise.google.com/android/enroll?et= for a successful login, or https://enterprise.google.com/android/enroll/invalid for a failed login.

signinEnrollmentToken

string

An enterprise wide enrollment token used to trigger custom sign-in flow. This is a read-only field generated by the server.

qrCode

string

A JSON string whose UTF-8 representation can be used to generate a QR code to enroll a device with this enrollment token. To enroll a device using NFC, the NFC record must contain a serialized java.util.Properties representation of the properties in the JSON. This is a read-only field generated by the server.

allowPersonalUsage

enum (AllowPersonalUsage)

Controls whether personal usage is allowed on a device provisioned with this enrollment token.

For company-owned devices:

  • Enabling personal usage allows the user to set up a work profile on the device.
  • Disabling personal usage requires the user provision the device as a fully managed device.

For personally-owned devices:

  • Enabling personal usage allows the user to set up a work profile on the device.
  • Disabling personal usage will prevent the device from provisioning. Personal usage cannot be disabled on personally-owned device.
defaultStatus

enum (SigninDetailDefaultStatus)

Optional. Whether the sign-in URL should be used by default for the enterprise. The SigninDetail with defaultStatus set to SIGNIN_DETAIL_IS_DEFAULT is used for Google account enrollment method. Only one of an enterprise's signinDetails can have defaultStatus set to SIGNIN_DETAIL_IS_DEFAULT. If an Enterprise has at least one signinDetails and none of them have defaultStatus set to SIGNIN_DETAIL_IS_DEFAULT then the first one from the list is selected and has set defaultStatus to SIGNIN_DETAIL_IS_DEFAULT. If no signinDetails specified for the Enterprise then the Google Account device enrollment will fail.

tokenTag

string

An EMM-specified metadata to distinguish between instances of SigninDetail.

SigninDetailDefaultStatus

Whether the sign-in URL should be used by default for the enterprise.

Enums
SIGNIN_DETAIL_DEFAULT_STATUS_UNSPECIFIED Equivalent to SIGNIN_DETAIL_IS_NOT_DEFAULT.
SIGNIN_DETAIL_IS_DEFAULT The sign-in URL will be used by default for the enterprise.
SIGNIN_DETAIL_IS_NOT_DEFAULT The sign-in URL will not be used by default for the enterprise.

ContactInfo

Contact details for managed Google Play enterprises.

JSON representation
{
  "contactEmail": string,
  "dataProtectionOfficerName": string,
  "dataProtectionOfficerEmail": string,
  "dataProtectionOfficerPhone": string,
  "euRepresentativeName": string,
  "euRepresentativeEmail": string,
  "euRepresentativePhone": string
}
Fields
contactEmail

string

Email address for a point of contact, which will be used to send important announcements related to managed Google Play.

dataProtectionOfficerName

string

The name of the data protection officer.

dataProtectionOfficerEmail

string

The email of the data protection officer. The email is validated but not verified.

dataProtectionOfficerPhone

string

The phone number of the data protection officer The phone number is validated but not verified.

euRepresentativeName

string

The name of the EU representative.

euRepresentativeEmail

string

The email of the EU representative. The email is validated but not verified.

euRepresentativePhone

string

The phone number of the EU representative. The phone number is validated but not verified.

GoogleAuthenticationSettings

Contains settings for Google-provided user authentication.

JSON representation
{
  "googleAuthenticationRequired": enum (GoogleAuthenticationRequired)
}
Fields
googleAuthenticationRequired

enum (GoogleAuthenticationRequired)

Output only. Whether users need to be authenticated by Google during the enrollment process. IT admin can specify if Google authentication is enabled for the enterprise for knowledge worker devices. This value can be set only via the Google Admin Console. Google authentication can be used with signinUrl In the case where Google authentication is required and a signinUrl is specified, Google authentication will be launched before signinUrl.

GoogleAuthenticationRequired

Setting for whether Google authentication is required for this enterprise.

Enums
GOOGLE_AUTHENTICATION_REQUIRED_UNSPECIFIED This value is not used.
NOT_REQUIRED Google authentication is not required.
REQUIRED User is required to be successfully authenticated by Google.

Methods

create

Creates an enterprise.

delete

Permanently deletes an enterprise and all accounts and data associated with it.

get

Gets an enterprise.

list

Lists EMM-managed enterprises.

patch

Updates an enterprise.