Important: We are no longer accepting new registrations for the Play EMM API. Learn more.

Users

For a list of methods for this resource, see the end of this page.

Resource representations

A Users resource represents an account associated with an enterprise. The account may be specific to a device or to an individual user (who can then use the account across multiple devices). The account may provide access to managed Google Play only, or to other Google services, depending on the identity model:

The Google managed domain identity model requires synchronization to Google account sources (via primaryEmail).
The managed Google Play Accounts identity model provides a dynamic means for enterprises to create user or device accounts as needed. These accounts provide access to managed Google Play.

{
  "kind": "androidenterprise#user",
  "id": string,
  "managementType": string,
  "accountType": string,
  "primaryEmail": string,
  "accountIdentifier": string,
  "displayName": string
}

Property name	Value	Description	Notes
`accountIdentifier`	`string`	A unique identifier you create for this user, such as "user342" or "asset#44418". Do not use personally identifiable information (PII) for this property. Must always be set for EMM-managed users. Not set for Google-managed users.
`accountType`	`string`	The type of account that this user represents. A `userAccount` can be installed on multiple devices, but a `deviceAccount` is specific to a single device. An EMM-managed user (`emmManaged`) can be either type (`userAccount`, `deviceAccount`), but a Google-managed user (`googleManaged`) is always a `userAccount`. Acceptable values are: "`deviceAccount`" "`userAccount`"
`displayName`	`string`	The name that will appear in user interfaces. Setting this property is optional when creating EMM-managed users. If you do set this property, use something generic about the organization (such as "Example, Inc.") or your name (as EMM). Not used for Google-managed user accounts.	writable
`id`	`string`	The unique ID for the user.
`kind`	`string`
`managementType`	`string`	The entity that manages the user. With `googleManaged` users, the source of truth is Google so EMMs have to make sure a Google Account exists for the user. With `emmManaged` users, the EMM is in charge. Acceptable values are: "`emmManaged`" "`googleManaged`"
`primaryEmail`	`string`	The user's primary email address, for example, "jsmith@example.com". Will always be set for Google managed users and not set for EMM managed users.

Methods

delete: Deleted an EMM-managed user.
generateAuthenticationToken: Generates an authentication token which the device policy client can use to provision the given EMM-managed user account on a device. The generated token is single-use and expires after a few minutes.

You can provision a maximum of 10 devices per user.

This call only works with EMM-managed accounts.
get: Retrieves a user's details.
getAvailableProductSet: Deprecated: New integrations cannot use this method and can refer to our new recommendations.
This method will no longer be accessible by anyone after September 30, 2025.
Retrieves the set of products a user is entitled to access.
insert: Creates a new EMM-managed user.

The Users resource passed in the body of the request should include an accountIdentifier and an accountType.
If a corresponding user already exists with the same account identifier, the user will be updated with the resource. In this case only the displayName field can be changed.
list: Looks up a user by primary email address. This is only supported for Google-managed users. Lookup of the id is not needed for EMM-managed users because the id is already returned in the result of the Users.insert call.
revokeDeviceAccess: Revokes access to all devices currently provisioned to the user. The user will no longer be able to use the managed Play store on any of their managed devices.

This call only works with EMM-managed accounts.
setAvailableProductSet: Deprecated: New integrations cannot use this method and can refer to our new recommendations.
This method will no longer be accessible by anyone after September 30, 2025.
Modifies the set of products that a user is entitled to access (referred to as whitelisted products). Only products that are approved or products that were previously approved (products with revoked approval) can be whitelisted.
update: Updates the details of an EMM-managed user.

Can be used with EMM-managed users only (not Google managed users). Pass the new details in the Users resource in the request body. Only the displayName field can be changed. Other fields must either be unset or have the currently active value.