Deficated device setup without EMM or NFC or camera?

123 views Asked by At

I want to provide my application on dedicated devices, with minimal setup. I am confused by the documentation at https://developers.google.com/android/management/introduction Specifically:

  1. The documentation says I need an EMM console. I don't want an EMM console. is there a way to configure a COSU device without an EMM? The company already has an EMM for general-purpose mobility devices. But these dedicated devices are not to be managed in the company EMM. What am I to do?

  2. Is there a way that does not use QR Codes (which require a camera), NFC (which is omitted on some models) or a time-consuming sign-in procedure? In an ideal world (like on iOS), I can reset a device, and plug it in to a loading station, the loading station does all the work and indicates that the device can be unplugged. Is there a way to provide this information (i.e. adb push or load a file from the web instead)? My app currently provides Wifi credentials to avoid having to enter them.

  3. Is there a way to configure the ADB debugging service to be on with the Management API?

1

There are 1 answers

1
theo On

Some good questions here, hopefully you'll find my answers useful :)

  1. While you don't need to create a proper EMM UI, you somehow need to create an API Client project in Google Cloud and enable the AM APIs. Then you can easily create an enterprise from there. For example, you could easily have a solution like the one bellow (Java)

from apiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow

# Use your own credentials when building your own solution. 
CLIENT_CONFIG = {
    'installed': {
        'client_id':'INSERT_YOUR_CLIENT_ID',
        'client_secret': 'YOUR_SECRET',
        'auth_uri':'https://accounts.google.com/o/oauth2/auth',
        'token_uri':'https://accounts.google.com/o/oauth2/token'
    }
}
SCOPES = ['https://www.googleapis.com/auth/androidmanagement']

# Run the OAuth flow.
flow = InstalledAppFlow.from_client_config(CLIENT_CONFIG, SCOPES)
credentials = flow.run_console()

# Create the API client.
androidmanagement = build('androidmanagement', 'v1', credentials=credentials)

  1. Yes there are. QR code is just one of them, but you can also trigger the setup using afw#setup or a custom enrollemnt URL. See help article here: https://developers.google.com/android/management/provision-device. And of course, there is even an easier solution where a device, out of the box will be enrolled and that's called Zero Touch (ZT) setup for Android 8.0+ devices (https://developers.google.com/android/management/provision-device#zero-touch_enrollment)

  2. You might be interested to use debuggingFeaturesAllowed in your policy, that will let you enable ADB debugging. See reference here: https://developers.google.com/android/management/reference/rest/v1/enterprises.policies

Theo L.

Android Enterprise