In [0]:
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# https://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
If you have not yet read the Android Management API Codelab we recommend that you do so before using this notebook. If you opened this notebook from the Codelab then follow the next instructions on the Codelab.
In order to run this notebook, you need:
The base resource of your Android Management solution is a Google Cloud Platform project. All other resources (Enterprises, Devices, Policies, etc) belong to the project and the project controls access to these resources. A solution is typically associated with a single project, but you can create multiple projects if you want to restrict access to resources.
For this Codelab we have already created a project for you (project ID: android-management-io-codelab).
To create and access resources, you need to authenticate with an account that has edit rights over the project. The account running this Codelab has been given rights over the project above. To start the authentication flow, run the cell below.
To run a cell:
When you build a server-based solution, you should create a service account so you don't need to authorize the access every time.
In [0]:
from apiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from random import randint
# This is a public OAuth config, you can use it to run this guide but please use
# different credentials when building your own solution.
CLIENT_CONFIG = {
'installed': {
'client_id':'882252295571-uvkkfelq073vq73bbq9cmr0rn8bt80ee.apps.googleusercontent.com',
'client_secret': 'S2QcoBe0jxNLUoqnpeksCLxI',
'auth_uri':'https://accounts.google.com/o/oauth2/auth',
'token_uri':'https://accounts.google.com/o/oauth2/token'
}
}
SCOPES = ['https://www.googleapis.com/auth/androidmanagement']
# Run the OAuth flow.
flow = InstalledAppFlow.from_client_config(CLIENT_CONFIG, SCOPES)
credentials = flow.run_console()
# Create the API client.
androidmanagement = build('androidmanagement', 'v1', credentials=credentials)
print('\nAuthentication succeeded.')
An Enterprise resource binds an organization to your Android Management solution.
Devices and Policies both belong to an enterprise. Typically, a single enterprise
resource is associated with a single organization. However, you can create multiple
enterprises for the same organization based on their needs. For example, an
organization may want separate enterprises for its different departments or regions.
For this Codelab we have already created an enterprise for you. Run the next cell to select it.
In [0]:
enterprise_name = 'enterprises/LC02de1hmx'
A Policy is a group of settings that determine the behavior of a managed device
and the apps installed on it. Each Policy resource represents a unique group of device
and app settings and can be applied to one or more devices. Once a device is linked to
a policy, any updates to the policy are automatically applied to the device.
To create a basic policy, run the cell below. You'll see how to create more advanced policies later in this guide.
In [0]:
import json
# Create a random policy name to avoid colision with other Codelabs
if 'policy_name' not in locals():
policy_name = enterprise_name + '/policies/' + str(randint(1, 1000000000))
policy_json = '''
{
"applications": [
{
"packageName": "com.google.samples.apps.iosched",
"installType": "FORCE_INSTALLED"
}
],
"debuggingFeaturesAllowed": true
}
'''
androidmanagement.enterprises().policies().patch(
name=policy_name,
body=json.loads(policy_json)
).execute()
Provisioning refers to the process of enrolling a device with an enterprise, applying the appropriate policies to the device, and guiding the user to complete the set up of their device in accordance with those policies. Before attempting to provision a device, ensure that the device is running Android 6.0 or above.
You need an enrollment token for each device that you want to provision (you can use the same token for multiple devices), when creating a token you can specify a policy that will be applied to the device.
In [0]:
enrollment_token = androidmanagement.enterprises().enrollmentTokens().create(
parent=enterprise_name,
body={"policyName": policy_name}
).execute()
Embed your enrollment token in either an enrollment link or a QR code, and then follow the provisioning instructions below.
In [0]:
from urllib.parse import urlencode
image = {
'cht': 'qr',
'chs': '500x500',
'chl': enrollment_token['qrCode']
}
qrcode_url = 'https://chart.googleapis.com/chart?' + urlencode(image)
print('Please visit this URL to scan the QR code:', qrcode_url)
In [0]:
enrollment_link = 'https://enterprise.google.com/android/enroll?et=' + enrollment_token['value']
print('Please open this link on your device:', enrollment_link)
The method for provisioning a device varies depending on the management mode you want to use.
In fully managed mode the entire device is managed and the device needs to be factory reset before setup. To set up a device in fully managed mode you need to use a QR code.
For devices running Android 7.0 or above:
For devices running Android 6.0:
In work profile mode corporate apps and data are kept secure in a self-contained work profile while the user keeps control of the rest of the device. To set up a work profile you can either use a QR code or an enrollment link.
Using the enrollment link:
Or using the QR code:
By now you should have a managed device configured with a basic policy, but there's much more you can do with the Android Management API.
First, we recommend exploring the range of available policies to build the right policy for your needs.
Next, explore other features of the Android Management API:
Or start developing a server-based solution: