Some apps designed for enterprises include built-in settings called managed configurations that IT admins can configure remotely. For example, an app may have the option to only sync data when a device is connected to Wi-Fi. Providing IT admins the ability to specify managed configurations and apply them to devices is a requirement for all solution sets.
The diagram below illustrates some of the key stages of managed configuration management with an overview of the options available through the Google Play EMM API.
Check if an app supports managed configurations
Use
Products.getAppRestrictionsSchema
to determine whether an app supports managed configurations. Here's an example
that uses the
Google Play EMM API Client Library for Java.
public AppRestrictionsSchema getAppRestrictionsSchema(String enterpriseId,
String productId, String language) throws IOException {
return androidEnterprise
.product()
.getAppRestrictionsSchema(enterpriseId, productId, language)
.execute();
}
All apps return an app restrictions (managed configurations) schema. If the call
returns an empty schema, then the app doesn’t support manage configurations. If
the call returns a schema containing a set of restrictions, then the app
supports managed configurations. For example, an app that has a property for
enabling remote printing over a VPN could return the following response to
Products.getAppRestrictionsSchema.
{
"kind": "androidenterprise#appRestrictionsSchema",
"restrictions": [
{
"key": "printing_enabled",
"title": "Enable printing",
"restrictionType": "bool",
"description": "Allow user to print from the app",
"defaultValue": {
"type": "bool",
"valueBool": true,
}
},
{
"key": "vpn_configurations",
"title": "VPN configurations",
"restrictionType": "bundle_array",
"description": "List of VPN configurations",
"nestedRestriction": [
{
"key": "vpn_configuration",
"title": "VPN configuration",
"restrictionType": "bundle",
"nestedRestrictions": [
{
"key": "server",
"title": "VPN server host",
"restrictionType": "string"
},
{
"key": "username",
"title": "VPN account username",
"restrictionType": "string"
}
]
}
]
}
]
}
Specify managed configurations
For apps that support managed configurations, you can enable IT admins to set them from your EMM console by embedding the managed configurations iframe or by developing your own UI.
Option 1: Embed the managed configurations iframe
The easiest way to support managed configurations is to embed the managed configurations iframe into your EMM console. The iframe retrieves the managed configurations schema for a specified app, and allows IT admins to save, edit, and delete custom configuration profiles. You can use the Play EMM API to apply custom profiles to user’s devices. To learn more about the iframe and how to add it to your console, see managed configurations iframe.
Option 2: Create your own UI
Using the configurations returned from Products.getAppRestrictionsSchema, you
can create your own UI that allows IT admins to manage app configurations.
Apply managed configurations
In order to apply managed configurations to devices, your DPC must be integrated with the DPC Support Library, as detailed in Build a device policy controller. The DPC Support Library transparently handles the delegation to Google Play to apply managed configurations.
You can apply managed configurations to a device by setting
policy.productPolicy.managedConfiguration in the
Device's policy.
Using an mcmId
Each time an IT admin saves a new configuration profile from the managed
configurations iframe, the iframe returns a unique identifier called mcmId. An
mcmId has no limit on the number of devices it can be applied on and it does
not have an expiration time.
To apply a configuration profile to a device, set
policy.productPolicy.managedConfiguration.configurationVariables.mcmId in the
Device's policy.
If you want to allow your IT admins to use variable in the managed
configurations iframe (such as $FirstName, $LastName), you need to define any
variables contained in the profile using
policy.productPolicy[].managedConfiguration.configurationVariables.mcmId.variableSet[].
Using a list of managed properties
You can also include a set of managed properties by setting
policy.productPolicy.managedConfiguration.managedProperty[] in the
Device's policy.
The example below shows how to define a configuration. This configuration
contains a bundle_array (a list) that's made up of two bundle properties (a
group of related properties, in this case, properties for a VPN).
ManagedConfiguration managedConfiguration = new ManagedConfiguration()
.setManagedProperty(
ImmutableList.of(
new ManagedProperty()
.setKey("printing_enabled")
.setValueBool(true),
new ManagedProperty()
.setKey("vpn_configurations")
.setValueBundleArray(
ImmutableList.of(
new ManagedPropertyBundle().setManagedProperty(
ImmutableList.of(
new ManagedProperty()
.setKey("server")
.setValueString("vpn1.example.com"),
new ManagedProperty()
.setKey("username")
.setValueString("john.doe"))),
new ManagedPropertyBundle().setManagedProperty(
ImmutableList.of(
new ManagedProperty()
.setKey("server")
.setValueString("vpn2.example.com"),
new ManagedProperty()
.setKey("username")
.setValueString("jane.doe")))))));
For more information on the different configuration properties that an app can support, see Define Managed Configurations.
List an app's configuration profiles
Depending on how you design your solution, you may want to display a list of
saved configurations profiles for an app. To retrieve this list, call
Managedconfigurationssettings.list.