Skip to main content
S
sravanthi
Level 1.6: Donut
December 20, 2023
Solved

Device Owner Provisioning

  • December 20, 2023
  • 4 replies
  • 3 views

Hi Team,

 

I am trying to make my application as device owner app, I am trying to use QR code for provisioning. I am unable to acheive the result. When I scan the QR code  which I have generated (Generated QR code without enrollment token) in a factory reset device I am getting an error stating " Couldn't set up your device, for help contact your IT admin. Could you please help me where I am going wrong.
when I tried getting Enrollment Token using AMAPI I am getting the following error

com.google.api.client.googleapis.json.GoogleJsonResponseException: 400 Bad Request
POST https://androidmanagement.googleapis.com/v1/enterprises/%7B573991258109%7D/enrollmentTokens
{
"code" : 400,
"errors" : [ {
"domain" : "global",
"message" : "Invalid enterprise id. Provide a valid id.",
"reason" : "badRequest"
} ],
"message" : "Invalid enterprise id. Provide a valid id.",
"status" : "INVALID_ARGUMENT"
}

    Best answer by Moombas

    Is there any way to move to device owner without enrollment token?


    Not as far as i know of as the enrollment token/id/url or whatever the MDM expects is pointing to the relvant enrollment rule to be used (because in each MDM you can have several).

    Otherwise the MDM doesn't know how to proceed forward with the device (which settings to deploy, is it COPE, fully managed or just BYOD, and so on).

    4 replies

    M
    Moombas
    Level 4.4: KitKat
    December 20, 2023

    Please provide an example QR code you used, it should look like this (example using Soti Mobicontrol as MDM, providing a Wifi):

    {"android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM":"hn8mSNJMPcovWbnnWrb-uMpWZjNlNp-jyV_2A-Whumc=",

    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME":"net.soti.mobicontrol.androidwork/net.soti.mobicontrol.admin.DeviceAdminAdapter",

    "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION":"http://soti.net/apk/ae2",

    "android.app.extra.PROVISIONING_WIFI_SSID":"AnySSID",

    "android.app.extra.PROVISIONING_WIFI_SECURITY_TYPE":"WPA",

    "android.app.extra.PROVISIONING_WIFI_PASSWORD":"password",

    "android.app.extra.PROVISIONING_USE_MOBILE_DATA":true,

    "android.app.extra.PROVISIONING_SKIP_ENCRYPTION":true,

    "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{

    "enrollmentId":"IDorURL_used_for_enrollment",

    "PROVISIONING_MODE":"MANAGED_PROFILE"

    }

    }

    S
    sravanthiAuthor
    Level 1.6: Donut
    December 20, 2023

    Hello,

    This is the sample Json format which Iam using to generate QR code

    {
    "android.app.extra.PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME": "com.android.client/com.android.utils.AdminReceiver", "android.app.extra.PROVISIONING_DEVICE_ADMIN_SIGNATURE_CHECKSUM": "8:F9:D0:08:D9:82:B7:29:E2:7E:47:BB:BD:C2:EB:8D:BE:04:0F:C0:05", "android.app.extra.PROVISIONING_DEVICE_ADMIN_PACKAGE_DOWNLOAD_LOCATION": "
    https://android.eu-1.amazonaws.com/Android-V71-1623538246-024-aHR0cHM6C5hcHAvRGFzaGJvYXJkLw%3D%3D.apk",

    }

    M
    Moombas
    Level 4.4: KitKat
    December 20, 2023

    You need this always: 

    "android.app.extra.PROVISIONING_ADMIN_EXTRAS_BUNDLE":{

    "enrollmentId":"IDorURL_used_for_enrollment",

    "PROVISIONING_MODE":"MANAGED_PROFILE"

    }

    J
    jeremy
    Level 1.6: Donut
    December 20, 2023

    Your enterprise ID is incorrect, you should first use the enterprise endpoint to enroll your enterprise and create your enterprise on Google servers.

    Then you use the ID of the enterprise returned by Google to use the other API endpoint to create your enrollment token and manage your devices.

    S
    sravanthiAuthor
    Level 1.6: Donut
    December 20, 2023

    Could you please share me any code snippet or relevant document for the same. It will really help me.


    Thanks in Advance

    J
    jeremy
    Level 1.6: Donut
    December 20, 2023

    You can use this https://github.com/codybrookshear/android-deviceowner-kotlin to create your own device owner without using the Google Management API

    S
    sravanthiAuthor
    Level 1.6: Donut
    December 21, 2023

    I tried this, but it is not working.

    J
    jeremy
    Level 1.6: Donut
    December 22, 2023

    The enrollement token provided but the Google API are only valid when used with the Google Android Management API. If you plan to create your own device owner you don't need these token, just create your own app by following this guide https://developer.android.com/reference/android/app/admin/DevicePolicyManager and this blog article which details the process:

     

    https://medium.com/@codybrookshear/creating-an-android-device-owner-app-in-2023-b7e7b9fb3aca

    Terms & ConditionsCookie settingsAccessibility statement